CVE-2023-33953: Denial-of-Service in gRPC
Published Aug 9, 2023
Affected Software
19 affected components; fixes available

Package / distribution     Affected range            Fixed in
gRPC (upstream)            < 1.53.2                  1.53.2
gRPC (upstream)            >= 1.54.0, < 1.54.3       1.54.3
gRPC (upstream)            >= 1.55.0, < 1.55.2       1.55.2
gRPC (upstream)            >= 1.56.0, < 1.56.2       1.56.2
rubygems/grpc              < 1.53.2                  1.53.2
rubygems/grpc              >= 1.54.0, < 1.54.3       1.54.3
rubygems/grpc              >= 1.55.0, < 1.55.2       1.55.2
rubygems/grpc              >= 1.56.0, < 1.56.2       1.56.2
pip/grpcio                 < 1.53.2                  1.53.2
pip/grpcio                 >= 1.54.0, < 1.54.3       1.54.3
pip/grpcio                 >= 1.55.0, < 1.55.2       1.55.2
pip/grpcio                 >= 1.56.0, < 1.56.2       1.56.2
redhat/gRPC                < 1.53.2                  1.53.2
redhat/gRPC                < 1.54.3                  1.54.3
redhat/gRPC                < 1.55.2                  1.55.2
redhat/gRPC                < 1.57                    1.57

Microsoft distribution builds (version as listed by the vendor):
  cbl2  python-tensorboard  2.11.0-2
  azl3  grpc                1.62.0-2
  azl3  grpc                1.42.0-7
Event History
Aug 9, 2023
  12:54 PM  CVE published (via MITRE)
  12:54 PM  Data sourced via MITRE (description, severity, weakness)
  03:30 PM  Advisory published (via GitHub)
Aug 10, 2023
  08:33 AM  Data sourced via Red Hat (description, severity, affected software)
Jun 30, 2024
  02:00 PM  Data sourced via Microsoft (description, severity, weakness)
  02:00 PM  Data sourced via Microsoft (affected software)
  02:00 PM  Updated via Microsoft (description, severity)
Frequently Asked Questions
1. What is the vulnerability ID?
The vulnerability ID is CVE-2023-33953.

2. What is the severity level of CVE-2023-33953?
CVE-2023-33953 is rated High with a CVSS v3.1 base score of 7.5 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): it is reachable over the network by an unauthenticated peer without user interaction, and the impact is on availability only; confidentiality and integrity are not affected.

3. What is the affected software?
gRPC releases before 1.53.2, releases from 1.54.0 up to but not including 1.54.3, from 1.55.0 up to but not including 1.55.2, and from 1.56.0 up to but not including 1.56.2. The same ranges apply to the language packages that wrap the gRPC core, such as pip/grpcio and rubygems/grpc; distribution packages (Red Hat, Microsoft) carry their own fixed builds, listed under Affected Software above.

4. What are the potential DoS attacks that can be caused by CVE-2023-33953?
Two classes of denial of service, both in gRPC's HPACK parser (the HTTP/2 header-compression decoder): unbounded memory buffering, where a peer can make the parser buffer header data without limit, and unbounded CPU consumption while parsing. A remote HTTP/2 peer can trigger either to exhaust the memory or CPU of a gRPC server or client.

5. How can I fix CVE-2023-33953?
Upgrade to the fixed release of the branch you run: 1.53.2, 1.54.3, 1.55.2, or 1.56.2, or any later release. Because packages such as pip/grpcio and rubygems/grpc bundle the gRPC core, upgrade the package itself rather than a separate C library; for distribution packages, install the vendor's fixed build. If you build gRPC from source, rebuild from a release at or above those versions.
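The ranges above are easy to misread (for example, "1.54.0 to 1.54.3" excludes 1.54.3, which is the fix). The following Python is an added example, not code from the gRPC project or from the advisory: it encodes the four affected ranges exactly as listed, checks any version string against them, reports the release that closes the range, and can inspect the grpcio package importable in the current interpreter. `grpc.__version__` is the attribute the grpcio package exposes; the sample version strings are constructed for illustration.

```python
"""Check a gRPC / grpcio / grpc-gem version against the ranges the advisory
lists for CVE-2023-33953.  Added example, not code from the gRPC project;
the range table below is copied from the advisory text."""
import re
from typing import Optional, Tuple

# (lower bound inclusive or None, upper bound exclusive), as listed in the advisory.
AFFECTED_RANGES = [
    (None, "1.53.2"),
    ("1.54.0", "1.54.3"),
    ("1.55.0", "1.55.2"),
    ("1.56.0", "1.56.2"),
]

_NUMERIC = re.compile(r"^\d+(?:\.\d+){0,2}$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '1.53.2' or '1.57' into a comparable (major, minor, patch) tuple.

    Pre-release tags such as '1.57.0rc1' are rejected on purpose: the
    advisory's ranges describe final releases only, so a pre-release needs
    a manual decision rather than a silent guess.
    """
    text = text.strip()
    if not _NUMERIC.match(text):
        raise ValueError(f"not a final release version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)  # '1.57' compares as 1.57.0
    return parts[0], parts[1], parts[2]


def affected_range(version: str) -> Optional[Tuple[Optional[str], str]]:
    """Return the (low, high) advisory range that contains `version`, or None."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        low_ok = low is None or parse_version(low) <= v
        if low_ok and v < parse_version(high):
            return low, high
    return None


def is_affected(version: str) -> bool:
    return affected_range(version) is not None


def fixed_version_for(version: str) -> Optional[str]:
    """Smallest release that closes the range `version` sits in, or None.

    The exclusive upper bound of each affected range is exactly the release
    that shipped the fix (1.53.2, 1.54.3, 1.55.2, 1.56.2), so it doubles as
    the upgrade recommendation.
    """
    rng = affected_range(version)
    return None if rng is None else rng[1]


def installed_grpcio_version() -> Optional[str]:
    """Version of the grpcio package importable in this interpreter, if any."""
    try:
        import grpc  # the pip package is 'grpcio'; the module is 'grpc'
    except ImportError:
        return None
    return grpc.__version__


if __name__ == "__main__":
    import sys

    # Constructed sample inputs: an old release, a fixed one, a later branch.
    for sample in ["1.52.1", "1.54.2", "1.54.3", "1.56.2", "1.57"]:
        print(f"{sample:8} affected={is_affected(sample)!s:5} "
              f"upgrade_to={fixed_version_for(sample)}")

    installed = installed_grpcio_version()
    if installed is None:
        print("grpcio is not installed in this interpreter")
        sys.exit(0)
    try:
        if is_affected(installed):
            print(f"installed grpcio {installed} is affected; "
                  f"upgrade to {fixed_version_for(installed)}")
            sys.exit(1)
        print(f"installed grpcio {installed} is outside the affected ranges")
    except ValueError as exc:
        print(f"cannot classify installed grpcio: {exc}; check it by hand")
        sys.exit(2)
```

To obtain the versions to feed in: `python -c "import grpc; print(grpc.__version__)"` for grpcio and `gem list grpc` for the Ruby gem. Distribution packages (Red Hat, Microsoft) backport fixes into their own version strings, so compare those against the vendor's fixed build listed above rather than against the upstream ranges.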