PT-2023-4872 · Grpc+3 · Grpc+3

Chenqi1989

Published

2023-04-18

Updated

2026-02-18

CVE-2023-32732

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions gRPC (affected versions not specified)

Description The issue is related to a base64 encoding error for -bin suffixed headers, which can cause a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. This can be exploited by a client to terminate the connection between a HTTP2 proxy and a gRPC server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-440

Related Identifiers

ALT-PU-2023-1631

BDU:2023-05359

CVE-2023-32732

ECHO-1C5E-F030-6B00

GHSA-9HXF-PPJV-W6RQ

OPENSUSE-SU-2024:13621-1

OPENSUSE-SU-2024:13634-1

OPENSUSE-SU-2024_0573-1

SUSE-SU-2024:0573-1

Affected Products

Alt Linux

Debian

Suse

Grpc

PT-2023-4872 · Grpc+3 · Grpc+3

CVE-2023-32732

Weakness Enumeration

Related Identifiers

Affected Products

References · 38