Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2024-474)
Discription

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-474 advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More

Back to Main

Subscribe for the latest news: