x/vulndb: potential Go vuln in github.com/grpc/grpc: CVE-2023-4785 #2062

@GoVulnBot

CVE-2023-4785 references github.com/grpc/grpc, which may be a Go module.

Description:
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.

References:

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/grpc/grpc
      vulnerable_at: 1.58.0
      packages:
        - package: gRPC
description: |-
    Lack of error handling in the TCP server in Google's gRPC starting version 1.23
    on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial
    of service by initiating a significant number of connections with the server.
    Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT
    affected.
cves:
    - CVE-2023-4785
references:
    - fix: https://github.com/grpc/grpc/pull/33656
    - fix: https://github.com/grpc/grpc/pull/33667
    - fix: https://github.com/grpc/grpc/pull/33669
    - fix: https://github.com/grpc/grpc/pull/33670
    - fix: https://github.com/grpc/grpc/pull/33672

Labels

excluded: NOT_GO_CODE (This vulnerability does not refer to a Go module.)
