### Impact Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of se ...
Continue Reading19 июня, 2023
### Impact Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service. ### Patches The problem has been fixed in 1 ...
Continue Reading19 июня, 2023
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling `GOAWAY` frames. The attack is low-effort: it takes very little ...
Continue Reading19 июня, 2023
This post delves into a very impactful JWT Authentication Bypass vulnerability ([CVE-2023-30845]()) found in [ESP-v2](), an open-source service proxy that provides API management capabilities using Go ...
Continue Reading19 июня, 2023
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...
Continue Reading16 июня, 2023
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disco ...
Continue Reading14 июня, 2023
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...
Continue Reading14 июня, 2023
There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x ! ...
Continue Reading14 июня, 2023
Back to Main