
CVE-2023-4785

Denial of Service Vulnerability in gRPC TCP Server (POSIX-compatible platforms)

Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections to the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details

Score: 7.5
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: High
Affected Versions:
  grpc >= 1.56.0 < 1.56.2
  grpc >= 1.55.0 < 1.55.3
  grpc >= 1.54.0 < 1.54.3
  grpc >= 1.53.0 < 1.53.2
  grpcio >= 1.55.0 < 1.55.3
  grpcio >= 1.54.0 < 1.54.3
  grpcio >= 1.53.0 < 1.53.2
Ecosystem: Python
Publish Date: September 13, 2023
Modified Date: April 22, 2024
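The following is an added example, not Seal Security's tooling or part of the gRPC project: it parses the "Affected Versions" ranges exactly as listed above and checks a given (or the locally installed) package version against them. It assumes the range text uses the form "pkg >= low < high" and that "grpcio" is the PyPI distribution name; the pre-release ordering rule in parse_version is this example's own simplification.

```python
"""Check a gRPC package version against the CVE-2023-4785 ranges in this advisory.

Added example, not vendor tooling. AFFECTED is copied verbatim from the
advisory's "Affected Versions" field; everything else is an assumption of
this example.
"""
from __future__ import annotations

import re
from importlib import metadata

# Copied verbatim from the "Affected Versions" field of the advisory.
AFFECTED = (
    "grpc >= 1.56.0 < 1.56.2; grpc >= 1.55.0 < 1.55.3; grpc >= 1.54.0 < 1.54.3; "
    "grpc >= 1.53.0 < 1.53.2; grpcio >= 1.55.0 < 1.55.3; grpcio >= 1.54.0 < 1.54.3; "
    "grpcio >= 1.53.0 < 1.53.2"
)

# One clause of the form "<package> >= <low> < <high>" (assumed format).
_RANGE = re.compile(r"^(\S+)\s*>=\s*(\S+)\s*<\s*(\S+)$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.56.2' into a comparable tuple.

    Numeric components are padded to three places so '1.56' == '1.56.0'.
    A trailing pre-release tag (e.g. '1.57.0rc1') gets a -1 marker so it
    sorts below the final release; this is a simplification, not PEP 440.
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))
    return nums + ((-1,) if m.group(2) else (0,))


def parse_ranges(spec: str) -> dict[str, list[tuple[tuple[int, ...], tuple[int, ...]]]]:
    """Parse the semicolon-separated advisory text into {package: [(low, high), ...]}."""
    ranges: dict[str, list[tuple[tuple[int, ...], tuple[int, ...]]]] = {}
    for clause in spec.split(";"):
        clause = clause.strip()
        if not clause:
            continue
        m = _RANGE.match(clause)
        if not m:
            raise ValueError(f"unparseable range: {clause!r}")
        pkg, low, high = m.groups()
        ranges.setdefault(pkg, []).append((parse_version(low), parse_version(high)))
    return ranges


RANGES = parse_ranges(AFFECTED)


def is_affected(package: str, version: str) -> bool:
    """True if `version` of `package` falls inside any listed half-open range."""
    v = parse_version(version)
    return any(low <= v < high for low, high in RANGES.get(package, []))


def check_installed(package: str = "grpcio") -> str | None:
    """Report on the locally installed package, or None if it is not installed."""
    try:
        installed = metadata.version(package)
    except metadata.PackageNotFoundError:
        return None
    verdict = "AFFECTED by CVE-2023-4785" if is_affected(package, installed) else "not in a listed range"
    return f"{package} {installed}: {verdict}"


if __name__ == "__main__":
    print(check_installed("grpcio") or "grpcio is not installed")
```

The ranges above only cover the release branches that received a patch (1.53 through 1.56). The description says the defect exists from version 1.23 onward, so an older, unlisted grpcio (for example 1.48.x) reporting "not in a listed range" is not evidence that it is safe; it means no fixed release exists on that branch and an upgrade to a patched branch is the way to clear it.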