CVE-2023-4785
13.09.2023, 17:15
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| grpc | grpc | 1.23.0 ≤ 𝑥 < 1.53.2 |
| grpc | grpc | 1.54.0 ≤ 𝑥 < 1.54.3 |
| grpc | grpc | 1.55.0 ≤ 𝑥 < 1.55.3 |
| grpc | grpc | 1.56.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| grpc | grpc | 𝑥 < 1.23 | ADP |
| grpc | grpc | 1.56.0 ≤ 𝑥 ≤ 1.56.1 | ADP |
| grpc | grpc | 1.55.0 ≤ 𝑥 ≤ 155.2 | ADP |
| grpc | grpc | 1.54.0 ≤ 𝑥 ≤ 1.54.2 | ADP |
| grpc | grpc | 1.53.0 ≤ 𝑥 ≤ 1.53.1 | ADP |
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| grpc-devel |
| ||||||||||||||||||||
| libgrpc++1_60 |
| ||||||||||||||||||||
| libgrpc1_60 |
| ||||||||||||||||||||
| libgrpc37 |
| ||||||||||||||||||||
| libupb37 |
|
Common Weakness Enumeration
References