#1059280 grpc: CVE-2023-32732

Package: src:grpc
Source: src:grpc
Submitter: Moritz Mühlenhoff
Date: 2023-12-22 20:09:24 UTC
Severity: normal
Tags:
#1059280#5
Date: 2023-12-22 12:12:09 UTC
Hi,

The following vulnerability was published for grpc.

CVE-2023-32732[0]:
| gRPC contains a vulnerability whereby a client can cause a
| termination of connection between a HTTP2 proxy and a gRPC server: a
| base64 encoding error for `-bin` suffixed headers will result in a
| disconnection by the gRPC server, but is typically allowed by HTTP2
| proxies. We recommend upgrading beyond the commit in 
| https://github.com/grpc/grpc/pull/32309 https://www.google.com/url

https://github.com/grpc/grpc/pull/32309


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32732
https://www.cve.org/CVERecord?id=CVE-2023-32732

Please adjust the affected versions in the BTS as needed.
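
A check for the condition the CVE description names, as an added example that is not part of the original report or of gRPC's code: it flags `-bin` suffixed headers whose value is not decodable base64, so a proxy can refuse that single request instead of forwarding it to the gRPC server. The function names and the sample metadata are constructed for illustration; it assumes `-bin` values may be padded or unpadded and that duplicate headers may arrive joined with ",".

```python
import base64
import binascii
import re

# Standard base64 alphabet with at most two trailing pad characters.
_B64 = re.compile(r"[A-Za-z0-9+/]*={0,2}")


def is_valid_bin_value(value: str) -> bool:
    """True if one `-bin` metadata value decodes as base64 (padded or not)."""
    if not _B64.fullmatch(value):
        return False
    body = value.rstrip("=")
    if len(body) % 4 == 1:  # one leftover character cannot encode a byte
        return False
    try:
        base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


def malformed_bin_headers(headers):
    """Names of `-bin` headers whose value is not valid base64.

    headers: iterable of (name, value) pairs. Duplicate headers joined
    with "," are split and each part is checked on its own.
    """
    bad = []
    for name, value in headers:
        if not name.lower().endswith("-bin"):
            continue
        parts = [p.strip() for p in value.split(",")]
        if not all(is_valid_bin_value(p) for p in parts):
            bad.append(name)
    return bad


# Constructed sample request metadata (not taken from the report).
SAMPLE_REQUEST = [
    ("content-type", "application/grpc"),
    ("trace-bin", "AAECAwQ"),      # valid, unpadded
    ("token-bin", "AAECAwQ="),     # valid, padded
    ("multi-bin", "AAEC,AwQ"),     # two valid values, comma-joined
    ("broken-bin", "not*base64"),  # character outside the alphabet
    ("short-bin", "A"),            # impossible length
]

if __name__ == "__main__":
    print(malformed_bin_headers(SAMPLE_REQUEST))
```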