Connection Confusion
Discription

grpc is vulnerable to Connection Confusion. The vulnerability exists when the gRPC HTTP2 stack raised a header size exceeded error, and it skipped parsing the rest of the HPACK frame, which caused any HPACK table mutations also to be skipped, resulting in the desynchronization of HPACK tables between sender and receiver, leading to requests from the proxy being interpreted as containing headers from different proxy clients, allowing an attacker to gain sensitive information and gain access to the system or data exfiltration.Read More

Back to Main

Subscribe for the latest news: