Denial Of Service (DoS)

grpc is vulnerable to Denial Of Service (DoS). The vulnerability exists due to improper header validation which allows an attacker to send headers such as `te: x (x != trailers)`, `scheme: x (x != htt ...

CVSS3 - HIGH

CVSS2 - MEDIUM

gRPC connection termination issue

gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disco ...

gRPC Reachable Assertion issue

There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != ht ...

Connection confusion in gRPC

When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...

Insecure TLS Configuration

io.quarkus:quarkus-vertx-http and io.quarkus:quarkus-grpc use Insecure TLS Configuration. The library fails to enforce the configured TLS protocol in `quarkus.http.ssl.protocols`, which lets a client ...

Connection Confusion

grpc is vulnerable to Connection Confusion. The vulnerability exists when the gRPC HTTP2 stack raised a header size exceeded error, and it skipped parsing the rest of the HPACK frame, which caused any ...

CVSS3 - HIGH

CVSS2 - MEDIUM

Connection confusion in gRPC

When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...

CVSS3 - HIGH

CVSS2 - MEDIUM
