Severity: high (7.5)
First published: Wed Sep 13 2023
Last modified: Tue Sep 19 2023
CWE: 248 (Uncaught Exception)
Lack of error handling in the TCP server in Google's gRPC, from version 1.23 onward on POSIX-compatible platforms (e.g. Linux), allows an attacker to cause a denial of service by initiating a significant number of connections to the server. Note that gRPC C++, Python, and Ruby are affected (the Python and Ruby packages wrap the same C core), but gRPC Java and Go are NOT affected.
CVE-2023-4785 is a vulnerability in Google's gRPC library: the C-core TCP server does not handle errors from accepting connections, so an attacker who initiates a significant number of connections can cause a denial of service.
CVE-2023-4785 affects unpatched gRPC version 1.23 or later on POSIX-compatible platforms (e.g., Linux). The C++, Python and Ruby implementations are affected because they build on the C core; gRPC Java and Go are not affected.
CVE-2023-4785 has a severity rating of 7.5 (high) on the CVSS scale.
An attacker can exploit CVE-2023-4785 by initiating a significant number of connections to the gRPC server, causing a denial of service. Because the connections only have to reach the TCP listener, no gRPC credentials are required, and watching the server process's open file descriptor count and connection rate is the practical way to spot such a flood.
Fixes for CVE-2023-4785 have been released. Update to a patched version of the gRPC library (for Python and Ruby that means updating the grpc package, which bundles the C core) to mitigate the vulnerability; until that is done, limit which networks can reach the server.
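The bug class the advisory describes, shown as an added illustration that is not gRPC's code: the page names the pattern (an accept loop on a POSIX socket that does not handle accept() failures) but not gRPC's exact code path, so the "naive" loop below is a generic reconstruction of that pattern placed beside a hardened one. The fake listener, its fields, the action names and the numbers in main() are all constructed for the example; the errno values are the real POSIX ones.

```c
#include <errno.h>
#include <stdio.h>

/* What an accept loop should do after accept()/accept4() returns -1. */
enum accept_action {
    ACCEPT_RETRY_NOW,     /* one connection failed (EINTR, ECONNABORTED): loop again */
    ACCEPT_WAIT_READABLE, /* backlog empty (EAGAIN): re-arm the poller and return */
    ACCEPT_BACKOFF,       /* fds/memory exhausted (EMFILE, ENFILE, ...): retry later */
    ACCEPT_FATAL          /* anything else: the listening socket is unusable */
};

/* Map accept()'s errno to an action. The exhaustion cases matter most under a
 * connection flood: the listener stays readable while the backlog is non-empty,
 * so retrying immediately just fails again with the same errno. */
enum accept_action classify_accept_error(int err)
{
    switch (err) {
    case EAGAIN:                         /* == EWOULDBLOCK on Linux */
        return ACCEPT_WAIT_READABLE;
    case EINTR: case ECONNABORTED:
        return ACCEPT_RETRY_NOW;
    case EMFILE:                         /* per-process RLIMIT_NOFILE reached */
    case ENFILE:                         /* system-wide file table full */
    case ENOBUFS: case ENOMEM:
        return ACCEPT_BACKOFF;
    default:
        return ACCEPT_FATAL;
    }
}

/* Constructed stand-in for a non-blocking listening socket so the example runs
 * without network access: `pending` models the kernel backlog, `fd_cap` models
 * RLIMIT_NOFILE. A connection that cannot be accepted for lack of an fd stays
 * queued, exactly as with a real socket. */
struct fake_listener { int pending; int open_fds; int fd_cap; int next_fd; };

int fake_accept(struct fake_listener *l)
{
    if (l->pending == 0) { errno = EAGAIN; return -1; }
    if (l->open_fds >= l->fd_cap) { errno = EMFILE; return -1; }
    l->pending--;
    l->open_fds++;
    return l->next_fd++;
}

struct loop_stats {
    int accepted;   /* connections handed to the application */
    int spins;      /* failed accept() calls retried with no delay */
    int backoffs;   /* times the loop yielded to retry after a delay */
    int fatal;
};

/* Unpatched-style loop: every error except EAGAIN is treated as "try again".
 * Once the fd limit is hit it never returns to the poller and burns a core;
 * max_iter stands in for "forever". */
struct loop_stats run_naive_loop(struct fake_listener *l, int max_iter)
{
    struct loop_stats s = {0, 0, 0, 0};
    for (int i = 0; i < max_iter; i++) {
        int fd = fake_accept(l);
        if (fd >= 0) { s.accepted++; continue; }
        if (errno == EAGAIN) break;
        s.spins++;               /* EMFILE lands here and is retried at once */
    }
    return s;
}

/* Hardened loop: classify the error and yield on exhaustion so a retry timer
 * (not modelled here) can re-run the loop once fds have been freed. */
struct loop_stats run_hardened_loop(struct fake_listener *l, int max_iter)
{
    struct loop_stats s = {0, 0, 0, 0};
    for (int i = 0; i < max_iter; i++) {
        int fd = fake_accept(l);
        if (fd >= 0) { s.accepted++; continue; }
        switch (classify_accept_error(errno)) {
        case ACCEPT_RETRY_NOW:     s.spins++; break;
        case ACCEPT_WAIT_READABLE: return s;
        case ACCEPT_BACKOFF:       s.backoffs++; return s; /* arm timer, log rate-limited */
        case ACCEPT_FATAL:         s.fatal++; return s;
        }
    }
    return s;
}

/* Run one flood scenario on a fresh listener and return its statistics. */
struct loop_stats simulate(int hardened, int pending, int fd_cap, int max_iter)
{
    struct fake_listener l = {pending, 0, fd_cap, 4};
    return hardened ? run_hardened_loop(&l, max_iter) : run_naive_loop(&l, max_iter);
}

int main(void)
{
    /* Five queued clients but room for only three fds: the naive loop spins on
     * the remaining two, the hardened loop accepts three and backs off once. */
    struct loop_stats n = simulate(0, 5, 3, 1000);
    struct loop_stats h = simulate(1, 5, 3, 1000);
    printf("naive:    accepted=%d spins=%d\n", n.accepted, n.spins);
    printf("hardened: accepted=%d backoffs=%d spins=%d\n", h.accepted, h.backoffs, h.spins);
    return 0;
}
```

The point of the simulation is the shape of the failure, not the numbers: a flood that pushes the process to its file-descriptor limit leaves the backlog non-empty, so accept() keeps failing with EMFILE while the socket stays readable, and a loop without an explicit EMFILE case either spins or drops out of the accept path entirely. The hardened loop yields and lets a timer retry, which is the behaviour a patched server needs; in production the backoff should also be logged at a rate limit so the flood is visible without the log itself becoming a second DoS.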