PT-2023-4873 · Google+3 · Grpc+3

Choeminji +3 · Published 2023-06-09 · Updated 2026-02-18 · CVE-2023-32731

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: gRPC (affected versions not specified)

Description: The issue arises when the gRPC HTTP2 stack encounters a header size exceeded error, causing it to skip parsing the rest of the HPACK frame. This results in a desynchronization of HPACK tables between the sender and receiver. If exploited, this could lead to requests from a proxy being interpreted as containing headers from different proxy clients, resulting in an information leak that can be used for privilege escalation or data exfiltration.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
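
The table desynchronization in the description, shown with a simplified model that is added here for illustration (not gRPC code and not part of the original advisory). Assumptions: indices address only the dynamic table, the header names, values and the 64-byte limit are constructed, and the `keep_in_sync=True` variant (reject the request but keep parsing the block) is one way to keep both tables aligned, not a description of the gRPC patch.

```python
from collections import deque

class Encoder:
    """Proxy side: one shared dynamic table for the whole backend connection."""
    def __init__(self):
        self.table = deque()              # newest entry first, as in HPACK

    def encode(self, headers):
        ops = []
        for h in headers:
            if h in self.table:           # already known: send only an index
                ops.append(("ref", self.table.index(h) + 1))
            else:                         # literal that both sides must store
                self.table.appendleft(h)
                ops.append(("add", h))
        return ops

class Decoder:
    """Backend side. keep_in_sync=False models the flaw described above."""
    def __init__(self, limit, keep_in_sync):
        self.table, self.limit, self.keep_in_sync = deque(), limit, keep_in_sync

    def decode(self, ops):
        out, size, too_big = [], 0, False
        for kind, arg in ops:
            if kind == "add":
                self.table.appendleft(arg)
                h = arg
            else:
                h = self.table[arg - 1]   # resolve index against the local table
            out.append(h)
            size += len(h[0]) + len(h[1])
            if size > self.limit:
                too_big = True
                if not self.keep_in_sync:
                    return None           # rest of the block is never parsed
        return None if too_big else out   # None = request rejected

def run(keep_in_sync):
    proxy, backend = Encoder(), Decoder(limit=64, keep_in_sync=keep_in_sync)
    requests = [                          # constructed sample traffic
        [("authorization", "Bearer token-A")],                        # client A
        [("x-big", "B" * 80), ("x-tenant", "b"), ("x-trace", "t1")],  # client B, oversize
        [("x-tenant", "b")],                                          # client B, follow-up
    ]
    return [backend.decode(proxy.encode(r)) for r in requests]

if __name__ == "__main__":
    print("skips rest of block:", run(False)[2])
    print("keeps parsing      :", run(True)[2])
```

In the flawed variant the backend decodes client B's follow-up request as carrying client A's `authorization` header, because the index the proxy sends now points at a different entry in the backend's table.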


Related Identifiers

ALSA-2025_16880
ALT-PU-2025-4089
BDU:2023-05360
CVE-2023-32731
GHSA-CFGP-2977-2FMM
OPENSUSE-SU-2024:13621-1
OPENSUSE-SU-2024:13634-1
OPENSUSE-SU-2024_0573-1
RHSA-2024:10761
RHSA-2024_10761
SUSE-SU-2024:0573-1

Affected Products

Alt Linux
Red Hat
Suse
Grpc