
CVE-2023-4785

Severity: high (7.5)

First published: Wed Sep 13 2023

Last modified: Tue Sep 19 2023

CWE: 248

Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23 on POSIX-compatible platforms (e.g. Linux), allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.

Affected versions (any of)

  • Grpc Grpc
    >=1.23.0, <1.53.2
  • Grpc Grpc
    >=1.54.0, <1.54.3
  • Grpc Grpc
    >=1.55.0, <1.55.3
  • Grpc Grpc
    1.56.0
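The affected ranges above are the data a practitioner needs to triage an installed gRPC build. The following is an added example, not code from SecAlerts or the gRPC project: it encodes the four ranges listed on this page and compares a version string against them, treating the lower bound as inclusive and the upper bound (the first fixed release in that line) as exclusive. The function names (`parse_version`, `is_affected`, `fixed_release_for`, `check_installed_grpcio`) are this example's own; the package name `grpcio` is the PyPI distribution of gRPC Python, which the page lists as affected.

```python
"""Check a gRPC version string against the CVE-2023-4785 affected ranges.

Added example; not part of the SecAlerts page or the gRPC project.
Ranges are taken from the advisory: lower bound inclusive, upper bound
exclusive (the upper bound is the first patched release of that line).
"""
from importlib import metadata
from typing import Optional, Tuple

# Ranges as listed on the page: (lower inclusive, upper exclusive).
AFFECTED_RANGES = [
    ("1.23.0", "1.53.2"),
    ("1.54.0", "1.54.3"),
    ("1.55.0", "1.55.3"),
]
# The page lists 1.56.0 as a single affected version, with no fixed 1.56.x named.
AFFECTED_EXACT = ["1.56.0"]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Reduce a dotted version to a (major, minor, patch) tuple.

    Pre-release or local suffixes (e.g. '1.56.0rc1', '1.54.2-1') are dropped and
    the numeric core is used; a pre-release is therefore treated as its base
    version, which is the conservative choice for a vulnerability check.
    """
    core = version.strip().split("-")[0].split("+")[0]
    parts = []
    for piece in core.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if the version falls inside any range this advisory lists."""
    v = parse_version(version)
    if any(v == parse_version(x) for x in AFFECTED_EXACT):
        return True
    return any(parse_version(lo) <= v < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def fixed_release_for(version: str) -> Optional[str]:
    """Return the first patched release in the same line, if the page names one.

    For 1.56.0 the page lists no fixed release, so None is returned.
    """
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v < parse_version(hi):
            return hi
    return None


def check_installed_grpcio() -> Tuple[Optional[str], Optional[bool]]:
    """Inspect the locally installed grpcio package, if any.

    Returns (version, affected); (None, None) when grpcio is not installed.
    """
    try:
        installed = metadata.version("grpcio")
    except metadata.PackageNotFoundError:
        return None, None
    return installed, is_affected(installed)


if __name__ == "__main__":
    # Constructed sample inputs covering each boundary of the listed ranges.
    for sample in ["1.22.9", "1.23.0", "1.53.1", "1.53.2",
                   "1.54.2", "1.54.3", "1.55.2", "1.55.3", "1.56.0", "1.57.0"]:
        status = "AFFECTED" if is_affected(sample) else "not affected"
        fix = fixed_release_for(sample)
        print(f"{sample:8s} {status}" + (f" (fixed in {fix})" if fix else ""))
    version, affected = check_installed_grpcio()
    if version is not None:
        print(f"installed grpcio {version}: {'AFFECTED' if affected else 'not affected'}")
```

Boundary handling is the point worth checking: 1.53.1 is affected but 1.53.2 is not, and 1.57.0 is outside every listed range, so a build from a later line is reported clean even though the page's prose says "starting version 1.23".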

FAQ

  • What is CVE-2023-4785?

    CVE-2023-4785 is a vulnerability in Google's gRPC library that allows an attacker to cause a denial of service by initiating a significant number of connections with the server.

  • Which platforms are affected by CVE-2023-4785?

    CVE-2023-4785 affects POSIX-compatible platforms (e.g. Linux) where Google's gRPC version 1.23 or later is used.

  • What is the severity of CVE-2023-4785?

    CVE-2023-4785 has a severity rating of 7.5 (high).

  • How can an attacker exploit CVE-2023-4785?

    An attacker can exploit CVE-2023-4785 by initiating a significant number of connections with the gRPC server, causing a denial of service.

  • Are there any fixes available for CVE-2023-4785?

    Yes, fixes for CVE-2023-4785 have been released. It is recommended to update to a patched version of Google's gRPC library to mitigate the vulnerability.

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203