Vulnerability Details : CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005
Vulnerability category: Gain privilege
Products affected by CVE-2023-32731
- cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32731
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32731
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.4
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
2.2
|
5.2
|
Google Inc. | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2023-32731
-
A feature, API, or function does not perform according to its specification.Assigned by: cve-coordination@google.com (Secondary)
References for CVE-2023-32731
-
https://github.com/grpc/grpc/pull/32309
[http2] Dont drop connections on metadata limit exceeded by ctiller · Pull Request #32309 · grpc/grpc · GitHubPatch
-
https://github.com/grpc/grpc/pull/33005
[chttp2] Fix some fuzzer found bugs. by ctiller · Pull Request #33005 · grpc/grpc · GitHubPatch
Jump to