Fabre

#1059281 grpc: CVE-2023-4785 #1059281

Package:: src:grpc

Source:: src:grpc

Submitter:: Moritz Mühlenhoff

Date:: 2023-12-22 20:09:24 UTC

Severity:: normal

Tags:

#1059281#5

Date:: 2023-12-22 12:12:47 UTC

From:

To:

Hi,

The following vulnerability was published for grpc.

CVE-2023-4785[0]:
| Lack of error handling in the TCP server in Google's gRPC starting
| version 1.23 on posix-compatible platforms (ex. Linux) allows an
| attacker to cause a denial of service by initiating a significant
| number of connections with the server. Note that gRPC C++ Python,
| and Ruby are affected, but gRPC Java, and Go are NOT affected.

https://github.com/grpc/grpc/pull/33656
https://github.com/grpc/grpc/pull/33667
https://github.com/grpc/grpc/pull/33669
https://github.com/grpc/grpc/pull/33670
https://github.com/grpc/grpc/pull/33672

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-4785
https://www.cve.org/CVERecord?id=CVE-2023-4785

Please adjust the affected versions in the BTS as needed.

#1059281 grpc: CVE-2023-4785 #1059281

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)