ADVISORIES

• CVE-2023-32732 (NVD)
• GHSA-9hxf-ppjv-w6rq
• Vendor Advisory

GEM

grpc

SEVERITY

CVSS v3.x: 5.3 (Medium)

PATCHED VERSIONS

• >= 1.53.0

DESCRIPTION

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309.

RELATED

• https://nvd.nist.gov/vuln/detail/CVE-2023-32732
• https://github.com/grpc/grpc/pull/32309
• https://github.com/advisories/GHSA-9hxf-ppjv-w6rq