gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit inĀ https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
CVSS Score
5.3
EPSS Score
0.0
Published
2023-06-09
Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-06-05
Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.
CVSS Score
9.8
EPSS Score
0.018
Published
2017-04-30
Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-04-14
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-04-14