CVE-2023-4785: Denial of Service in gRPC Core
Published Sep 13, 2023
Affected Software
16 affected components; fixes available. The "Fixed in" column for the gRPC Core rows is the upper bound of the listed range.

Component                          Affected versions        Fixed in
gRPC Core (gRPC/gRPC)              >=1.23.0, <1.53.2        1.53.2
gRPC Core (gRPC/gRPC)              >=1.54.0, <1.54.3        1.54.3
gRPC Core (gRPC/gRPC)              >=1.55.0, <1.55.3        1.55.3
gRPC Core (gRPC/gRPC)              =1.56.0                  not listed
pip/grpcio                         >=1.53.0, <1.53.2        1.53.2
pip/grpcio                         >=1.54.0, <1.54.3        1.54.3
pip/grpcio                         >=1.55.0, <1.55.3        1.55.3
rubygems/grpc                      >=1.53.0, <1.53.2        1.53.2
rubygems/grpc                      >=1.54.0, <1.54.3        1.54.3
rubygems/grpc                      >=1.55.0, <1.55.3        1.55.3
rubygems/grpc                      >=1.56.0, <1.56.2        1.56.2
redhat/grpc                        <1.53.2                  1.53.2
redhat/grpc                        <1.54.3                  1.54.3
redhat/grpc                        <1.55.3                  1.55.3
Microsoft Azure Linux 3 (azl3) grpc   1.42.0-7              package version as listed; no range given
Microsoft Azure Linux 3 (azl3) grpc   1.62.0-2              package version as listed; no range given
Remediation
Patch available. Upgrade gRPC Core, grpcio or the grpc gem to the fixed release of the line in use (1.53.2, 1.54.3, 1.55.3 or 1.56.2), or to the fixed package from the distribution vendor where one is listed above. Rate limiting or connection limits at the network edge reduce exposure but do not remove the defect.
Event History
Sep 13, 2023
  04:31 PM  CVE published (via MITRE)
  04:31 PM  Data sourced via MITRE: description, severity, weakness
  05:15 PM  Data sourced via NVD: remedy, description, severity, weakness, affected software
  06:31 PM  Advisory published (via GitHub)
Sep 14, 2023
  07:38 PM  Data sourced via Red Hat: description, severity, affected software
Jun 30, 2024
  02:00 PM  Data sourced via Microsoft: description, severity, weakness
  02:00 PM  Data sourced via Microsoft: affected software
  02:00 PM  Updated via Microsoft: description, severity
Frequently Asked Questions

1. What is CVE-2023-4785?
CVE-2023-4785 is a denial-of-service vulnerability in gRPC Core, the C-based library underneath Google's gRPC implementations for C++, Python (grpcio) and Ruby (the grpc gem). A lack of error handling in its TCP server lets a remote, unauthenticated attacker take the server out of service simply by initiating a significant number of connections to it.

2. Which platforms are affected by CVE-2023-4785?
gRPC Core 1.23.0 and later on POSIX-compatible platforms such as Linux, up to the fixed releases 1.53.2, 1.54.3, 1.55.3 and 1.56.2. Language bindings built on gRPC Core, including C++, Python grpcio and the Ruby grpc gem, inherit the defect; gRPC Java and gRPC Go are separate implementations and are not affected. Distribution packages (Red Hat, Microsoft Azure Linux) are tracked by their own package versions in the table above.

3. What is the severity of CVE-2023-4785?
CVSS base score 7.5 (High). The impact is availability only: the attack is network-reachable and needs no privileges or user interaction, but it does not expose or alter data.

4. How can an attacker exploit CVE-2023-4785?
An attacker with network access to the gRPC listening port opens a significant number of connections to it; the server's TCP accept path does not handle the resulting error condition and the service stops serving. Because the condition is triggered at connection setup, application-level authentication does not prevent it. A sudden rise in established connections or open file descriptors on the gRPC process is the signal to watch for.

5. Are there any fixes available for CVE-2023-4785?
Yes. Upgrade to the fixed release of your line (1.53.2, 1.54.3, 1.55.3 or 1.56.2), or to the fixed vendor package where your distribution ships one. Confirm the installed version afterwards (for example pip show grpcio or gem list grpc) rather than relying on a package manifest.
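To turn the affected-version table and the answers to questions 2 and 5 into something an operator can run against an inventory, here is an added example, not code from this advisory or from the gRPC project. It copies the ranges exactly as this page lists them (authoritative ranges should come from the ecosystem's own advisory feed), parses the page's concatenated-constraint shorthand, compares versions numerically rather than as strings (so 1.62.0 is correctly newer than 1.9.0), and picks the fixed release for the same minor line. The package keys and the sample inventory are constructed for the example.

```python
import re
from typing import Optional, Tuple

# Affected ranges copied from the Affected Software table above, in the
# page's own shorthand: constraints are concatenated and all must hold.
AFFECTED = {
    "grpc": [">=1.23.0<1.53.2", ">=1.54.0<1.54.3", ">=1.55.0<1.55.3", "=1.56.0"],
    "pip/grpcio": [">=1.53.0<1.53.2", ">=1.54.0<1.54.3", ">=1.55.0<1.55.3"],
    "rubygems/grpc": [">=1.53.0<1.53.2", ">=1.54.0<1.54.3",
                      ">=1.55.0<1.55.3", ">=1.56.0<1.56.2"],
}
# Upstream fixed releases named on this page, ascending.
FIXED = ["1.53.2", "1.54.3", "1.55.3", "1.56.2"]

_VERSION_RE = re.compile(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?")
_CONSTRAINT_RE = re.compile(r"(>=|<=|>|<|=)([\d.]+)")
_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}


def parse_version(v: str) -> Tuple[int, int, int]:
    """Numeric (major, minor, patch); a trailing distro suffix such as
    '-7' in '1.42.0-7' is ignored.  Missing components count as 0."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    major, minor, patch = (int(x or 0) for x in m.groups())
    return (major, minor, patch)


def in_range(version: str, spec: str) -> bool:
    """True if `version` satisfies every constraint in `spec`,
    e.g. '>=1.53.0<1.53.2' or '=1.56.0'.  Rejects specs with junk in them."""
    spec = spec.replace(" ", "")
    constraints = _CONSTRAINT_RE.findall(spec)
    if not constraints or "".join(op + num for op, num in constraints) != spec:
        raise ValueError(f"unparseable range spec: {spec!r}")
    v = parse_version(version)
    return all(_OPS[op](v, parse_version(num)) for op, num in constraints)


def is_affected(package: str, version: str) -> bool:
    """Is this package version inside any range listed for it on this page?"""
    if package not in AFFECTED:
        raise KeyError(f"no ranges recorded for {package!r}")
    return any(in_range(version, spec) for spec in AFFECTED[package])


def recommended_fix(version: str) -> Optional[str]:
    """Fixed release in the same minor line if there is one, otherwise the
    lowest fixed release newer than `version`; None if already past them all."""
    v = parse_version(version)
    same_line = [f for f in FIXED if parse_version(f)[:2] == v[:2]]
    if same_line:
        return same_line[0]
    later = [f for f in FIXED if parse_version(f) > v]
    return later[0] if later else None


def report(package: str, version: str) -> str:
    """One-line verdict for an inventory entry."""
    if is_affected(package, version):
        return (f"{package} {version}: AFFECTED by CVE-2023-4785, "
                f"upgrade to {recommended_fix(version)}")
    return f"{package} {version}: not in a listed affected range"


if __name__ == "__main__":
    # Constructed sample inventory (not real hosts), plus whatever grpcio
    # wheel is installed in this interpreter, if any.
    inventory = [("grpc", "1.30.0"), ("pip/grpcio", "1.54.2"),
                 ("rubygems/grpc", "1.56.1"), ("pip/grpcio", "1.62.0")]
    try:
        from importlib.metadata import version as dist_version
        inventory.append(("pip/grpcio", dist_version("grpcio")))
    except Exception:
        pass  # grpcio not installed here; the constructed entries still run
    for pkg, ver in inventory:
        print(report(pkg, ver))
```

The strict check in in_range (the constraints must re-join to exactly the original spec) is deliberate: a typo such as ">=1.53.0<<1.53.2" should fail loudly rather than silently narrow or widen the affected set.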