
REDHAT-BUG-2214463

First published: Tue Jun 13 2023

When the gRPC HTTP/2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. Any HPACK dynamic table mutations carried by the remainder of that frame were therefore also skipped, leaving the HPACK tables of sender and receiver desynchronized. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients, an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309
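To make the desynchronization concrete, here is an added, simplified model of an HPACK dynamic table (this is illustrative code, not gRPC's HPACK implementation): the receiver's decoder is run once with the buggy behaviour (stop parsing at the size error) and once with the fixed behaviour (keep applying table mutations), and a proxy then forwards a second client's request that references a table index. The header names, values and the size limit are constructed for the example.

```python
# Added illustration, not gRPC's HPACK code: a toy dynamic table showing why a
# decoder that stops at "header size exceeded" desynchronises from the encoder.
# Only literal-with-indexing and indexed fields; 1-based, newest-first indices.
MAX_HEADER_LIST_SIZE = 150  # constructed limit; RFC 7540 counts name+value+32
class Encoder:
    def __init__(self):
        self.table = []

    def add(self, name, value):  # literal with incremental indexing
        self.table.insert(0, (name, value))
        return ("literal_indexed", name, value)

    def ref(self, idx):  # indexed header field
        return ("indexed", idx)

def decode(table, block, continue_after_error):
    # Decode one block against the receiver's table (mutated in place) and
    # return (headers, error). continue_after_error=False stops at the size
    # error and skips the remaining table mutations (the bug); True keeps
    # applying them, still reporting the error and emitting no more headers.
    headers, size, error = [], 0, None
    for op in block:
        if op[0] == "literal_indexed":
            name, value = op[1], op[2]
            table.insert(0, (name, value))
        else:
            name, value = table[op[1] - 1]
        size += len(name) + len(value) + 32
        if size > MAX_HEADER_LIST_SIZE and error is None:
            error = "header size exceeded"
            if not continue_after_error:
                break
        if error is None:
            headers.append((name, value))
    return headers, error

def simulate(continue_after_error):  # a proxy forwards alice's, then bob's, request
    enc, table = Encoder(), []
    # Stream 1 (alice): the oversized user-agent trips the limit before the
    # accept-language entry reaches the receiver's table.
    block1 = [enc.add("x-forwarded-for", "10.0.0.1"),
              enc.add("cookie", "session=alice"),
              enc.add("user-agent", "X" * 30),
              enc.add("accept-language", "en")]
    decode(table, block1, continue_after_error)
    # Stream 2 (bob): the encoder's index 3 is its own user-agent entry.
    block2 = [enc.add("cookie", "session=bob"), enc.ref(3)]
    headers, _ = decode(table, block2, continue_after_error)
    return headers  # buggy decoder: bob's request carries alice's cookie
```

With the buggy decoder the backend sees bob's request carrying alice's session cookie; with the fixed decoder the same index resolves to the user-agent entry the proxy meant, which is why the fix must keep consuming the block for table state even after the error is raised.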

Affected Software: gRPC
Affected Version: < commit 32309
How to fix: upgrade beyond the commit contained in https://github.com/grpc/grpc/pull/32309


Frequently Asked Questions

  • What is the severity of REDHAT-BUG-2214463?

    The severity of REDHAT-BUG-2214463 is medium due to potential desynchronization issues affecting data integrity between gRPC endpoints.

  • How do I fix REDHAT-BUG-2214463?

    To fix REDHAT-BUG-2214463, update to a version of gRPC that includes the patch for the header size exceeded error.

  • Which versions of gRPC are affected by REDHAT-BUG-2214463?

    REDHAT-BUG-2214463 affects versions of gRPC up to commit 32309.

  • What systems are impacted by REDHAT-BUG-2214463?

    Systems using gRPC for communication, particularly those with proxy and backend configurations, are impacted by REDHAT-BUG-2214463.

  • What is the main issue described in REDHAT-BUG-2214463?

    REDHAT-BUG-2214463 describes a desynchronization of HPACK tables due to skipped parsing of HPACK frames when a header size exceeded error occurs.

© 2025 SecAlerts Pty Ltd.