CVE-2023-32731

Aliases:GHSA-cfgp-2977-2fmm

Advisory lineage Upstream: 0 Downstream: 3

Downstream

RHSA-2024:10761 SUSE-SU-2024:0573-1 UBUNTU-CVE-2023-32731

Modified

Published: 09 Jun 2023, 10:54

Last modified:26 Sept 2024, 19:12

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.07% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 Jun 2023, 10:54

Published

Vulnerability first disclosed

26 Sept 2024, 19:12

Last Modified

Vulnerability information updated

Description

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005

CVSS Metrics

v3.1•HIGH•Score: 7.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.07%• Percentile: 23%

Techniques & Countermeasures

CWE-440•Expected Behavior Violation
A feature, API, or function does not perform according to its specification.

Affected Systems

RubyGems•grpc
≥ 1.53.0, < 1.53.1 | ≥ 1.54.0, < 1.54.2
google•grpc
≥ 1.53, ≤ 1.54
grpc•grpc
≥ 1.53.0, < 1.55.0
io.grpc•grpc-protobuf
≥ 1.53.0, < 1.53.1 | ≥ 1.54.0, < 1.54.2
PyPI•grpcio
≥ 1.53.0, < 1.53.1 | ≥ 1.54.0, < 1.54.2