CVE-2023-1428: Denial-of-Service in gRPC
First published: Fri Jun 09 2023(Updated: )
gRPC is vulnerable to a denial of service. By sending a specially crafted header, an attacker could exploit this vulnerability to cause a denial of service.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grpc Grpc | >=1.51.0<1.53.0 | |
| IBM Cloud Pak for Business Automation | <=V23.0.1 - V23.0.1-IF001 | |
| IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF023 | |
| IBM Cloud Pak for Business Automation | <=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes |
Remedy
Fixes available in these releases: - 1.52.2: https://github.com/grpc/grpc/releases/tag/v1.52.2 https://github.com/grpc/grpc/releases/tag/v1.52.2 - 1.53.1: https://github.com/grpc/grpc/releases/tag/v1.53.1 https://github.com/grpc/grpc/releases/tag/v1.53.1 - 1.54.2: https://github.com/grpc/grpc/releases/tag/v1.54.2 https://github.com/grpc/grpc/releases/tag/v1.54.2 - 1.55.0: https://github.com/grpc/grpc/releases/tag/v1.55.0 https://github.com/grpc/grpc/releases/tag/v1.55.0
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-1428.
What is the severity of CVE-2023-1428?
The severity of CVE-2023-1428 is high with a CVSS score of 7.5.
Which software is affected by CVE-2023-1428?
Grpc versions between 1.51.0 and 1.53.0 are affected by CVE-2023-1428.
How does CVE-2023-1428 manifest?
CVE-2023-1428 manifests as an abort() being called in gRPC's C++ implementation when certain headers are sent.
Is there a fix available for CVE-2023-1428?
Yes, the fix for CVE-2023-1428 can be found in the following commit: https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8
- collector/nvd-index
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/title
- agent/severity
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/grpc
- canonical/grpc grpc
- version/grpc grpc/1.51.0
- vendor/ibm
- canonical/ibm cloud pak for business automation
- version/ibm cloud pak for business automation/v23.0.1 - v23.0.1-if001
- version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if023
- version/ibm cloud pak for business automation/v22.0.2 - v22.0.2-if006 and later fixes v22.0.1 - v22.0.1-if006 and later fixes v21.0.2 - v21.0.2-if012 and later fixes v21.0.1 - v21.0.1-if007 and later fixes v20.0.1 - v20.0.3 and later fixes v19.0.1 - v19.0.3 and later fixes v18.0.0 - v18.0.2 and later fixes