CVE-2023-4785

Name
CVE-2023-4785
Description
Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/grpc/grpc/pull/33670
MISC https://github.com/grpc/grpc/pull/33672
MISC https://github.com/grpc/grpc/pull/33656
MISC https://github.com/grpc/grpc/pull/33667
MISC https://github.com/grpc/grpc/pull/33669

Match rules

CPE URI                                    Source package   Min version   Max version
cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*        grpc             >= 1.54.0     < 1.54.3
cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*        grpc             >= 1.23.0     < 1.53.2
cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*        grpc             >= 1.55.0     < 1.55.3
cpe:2.3:a:grpc:grpc:1.56.0:*:*:*:*:-:*:*   grpc             == None       == 1.56.0

Vulnerable and fixed packages

Source package   Branch           Version     Maintainer                     Status
grpc             3.18-community   1.54.2-r0   wener <wenermail@gmail.com>    possibly vulnerable