CVE-2023-1428 (https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8): There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. Patch: https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8 CVE-2023-32731 (https://github.com/grpc/grpc/pull/32309): When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 https://github.com/grpc/grpc/pull/32309 Patch: https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10 CVE-2023-32732 (https://github.com/grpc/grpc/pull/32309): gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url Patch: https://github.com/grpc/grpc/commit/29d8beee0ac2555773b2a2dda5601c74a95d6c10 Fixes in 1.54.0 and onwards, please bump.
