-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/grpc/grpc: CVE-2023-32732 #1848
Comments
C++, not Go. |
Change https://go.dev/cl/503837 mentions this issue: |
Hello, I have one question. Is this vulnerability also applicable to go-grpc? I'm using google.golang.org/grpc and I was wondering if it is affected by this and other CVEs like CVE-2017-7860, CVE-2017-9431, CVE-2017-7861 and CVE-2017-8359. Additionally, if a vulnerability is found in the src/core file of grpc will it also affect go-grpc? |
CVE-2023-32732 references github.com/grpc/grpc, which may be a Go module.
Description:
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for
-bin
suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in grpc/grpc#32309 https://www.google.com/urlReferences:
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: