CVE-2023-32731

09.06.2023, 11:15

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in  https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.4 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Affected Products (NVD)

Vendor	Product	Version
grpc	grpc	1.53.0 ≤ 𝑥 < 1.55.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
grpc	grpc	1.53 ≤ 𝑥 ≤ 1.54	ADP

Debian Releases

Debian Product

Codename

grpc

bookworm	1.51.1-3 fixed
bullseye	1.30.2-3 fixed
sid	1.51.1-5 fixed
trixie	1.51.1-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

grpc

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
oracular	needs-triage
trusty	dne
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

abseil-cpp-devel

suse enterprise desktop 15 SP5	20230802.1-150400.10.4.1 fixed
suse enterprise sap 15 SP5	20230802.1-150400.10.4.1 fixed
suse enterprise server 15 SP4	20230802.1-150400.10.4.1 fixed
suse enterprise server 15 SP5	20230802.1-150400.10.4.1 fixed

grpc-devel

suse enterprise desktop 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise desktop 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise sap 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise sap 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise server 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise server 15 SP7	1.60.0-150600.15.3.1 fixed

libabsl2308_0_0

suse enterprise desktop 15 SP5	20230802.1-150400.10.4.1 fixed
suse enterprise sap 15 SP5	20230802.1-150400.10.4.1 fixed
suse enterprise server 15 SP4	20230802.1-150400.10.4.1 fixed
suse enterprise server 15 SP5	20230802.1-150400.10.4.1 fixed

libgrpc++1_60

suse enterprise desktop 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise desktop 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise desktop 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise sap 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise sap 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise sap 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise server 15 SP4	1.60.0-150400.8.3.2 fixed
suse enterprise server 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise server 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise server 15 SP7	1.60.0-150600.15.3.1 fixed

libgrpc1_60

suse enterprise desktop 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise desktop 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise desktop 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise sap 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise sap 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise sap 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise server 15 SP4	1.60.0-150400.8.3.2 fixed
suse enterprise server 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise server 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise server 15 SP7	1.60.0-150600.15.3.1 fixed

libgrpc37

suse enterprise desktop 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise desktop 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise desktop 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise sap 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise sap 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise sap 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise server 15 SP4	1.60.0-150400.8.3.2 fixed
suse enterprise server 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise server 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise server 15 SP7	1.60.0-150600.15.3.1 fixed

libprotobuf-lite25_1_0

suse enterprise desktop 15 SP5	25.1-150400.9.3.1 fixed
suse enterprise sap 15 SP5	25.1-150400.9.3.1 fixed
suse enterprise server 15 SP4	25.1-150400.9.3.1 fixed
suse enterprise server 15 SP5	25.1-150400.9.3.1 fixed

libprotobuf25_1_0

suse enterprise desktop 15 SP5	25.1-150400.9.3.1 fixed
suse enterprise sap 15 SP5	25.1-150400.9.3.1 fixed
suse enterprise server 15 SP4	25.1-150400.9.3.1 fixed
suse enterprise server 15 SP5	25.1-150400.9.3.1 fixed

libprotoc25_1_0

suse enterprise desktop 15 SP5	25.1-150400.9.3.1 fixed
suse enterprise sap 15 SP5	25.1-150400.9.3.1 fixed
suse enterprise server 15 SP4	25.1-150400.9.3.1 fixed
suse enterprise server 15 SP5	25.1-150400.9.3.1 fixed

libre2-11-20240201

suse enterprise desktop 15 SP5	150400.9.3.1 fixed
suse enterprise sap 15 SP5	150400.9.3.1 fixed
suse enterprise server 15 SP4	150400.9.3.1 fixed
suse enterprise server 15 SP5	150400.9.3.1 fixed

libupb37

suse enterprise desktop 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise desktop 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise desktop 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise sap 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise sap 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise sap 15 SP7	1.60.0-150600.15.3.1 fixed
suse enterprise server 15 SP4	1.60.0-150400.8.3.2 fixed
suse enterprise server 15 SP5	1.60.0-150400.8.3.2 fixed
suse enterprise server 15 SP6	1.60.0-150600.13.6 fixed
suse enterprise server 15 SP7	1.60.0-150600.15.3.1 fixed

protobuf-devel

suse enterprise desktop 15 SP5	25.1-150400.9.3.1 fixed
suse enterprise sap 15 SP5	25.1-150400.9.3.1 fixed
suse enterprise server 15 SP4	25.1-150400.9.3.1 fixed
suse enterprise server 15 SP5	25.1-150400.9.3.1 fixed

python311-abseil

suse enterprise desktop 15 SP5	1.4.0-150400.9.3.1 fixed
suse enterprise sap 15 SP5	1.4.0-150400.9.3.1 fixed
suse enterprise server 15 SP5	1.4.0-150400.9.3.1 fixed

python311-grpcio

suse enterprise desktop 15 SP5	1.60.0-150400.9.3.2 fixed
suse enterprise sap 15 SP5	1.60.0-150400.9.3.2 fixed
suse enterprise server 15 SP5	1.60.0-150400.9.3.2 fixed

python311-protobuf

suse enterprise desktop 15 SP5	4.25.1-150400.9.3.1 fixed
suse enterprise sap 15 SP5	4.25.1-150400.9.3.1 fixed
suse enterprise server 15 SP5	4.25.1-150400.9.3.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

rhc-worker-playbook

RHEL 9

0:0.1.10-1.el9_5

fixed

Common Weakness Enumeration

CWE-440 - Expected Behavior Violation
A feature, API, or function does not perform according to its specification.

References

https://github.com/grpc/grpc/pull/32309

https://github.com/grpc/grpc/pull/33005

https://github.com/grpc/grpc/pull/32309

https://github.com/grpc/grpc/pull/33005