CVE-2023-32732

Aliases:GHSA-9hxf-ppjv-w6rq

Advisory lineage Upstream: 0 Downstream: 3

Downstream

DEBIAN-CVE-2023-32732 SUSE-SU-2024:0573-1 UBUNTU-CVE-2023-32732

Modified

Published: 09 Jun 2023, 10:48

Last modified:13 Feb 2025, 16:55

Vulnerability Summary

Overall Risk (default)

low

21/100

CVSS Score

5.3 MEDIUM

v3.1 (cve.org)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

09 Jun 2023, 10:48

Published

Vulnerability first disclosed

13 Feb 2025, 16:55

Last Modified

Vulnerability information updated

Description

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url

CVSS Metrics

v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Trends

Current EPSS score: 0.02%• Percentile: 7%

Techniques & Countermeasures

CWE-440•Expected Behavior Violation
A feature, API, or function does not perform according to its specification.

Affected Systems

fedoraproject•fedora
37 | 38
RubyGems•grpc
≥ 1.53.0, < 1.53.1 | ≥ 1.54.0, < 1.54.2
google•grpc
≥ 1.53, < 1.54
grpc•grpc
< 1.53.0
io.grpc•grpc-protobuf
≥ 1.53.0, < 1.53.1 | ≥ 1.54.0, < 1.54.2
PyPI•grpcio
≥ 1.53.0, < 1.53.1 | ≥ 1.54.0, < 1.54.2