CVE-2023-4785 - OpenCVE

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Grpc	Grpc
Redhat	Satellite

Configuration 1 [-]

OR	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc:1.56.0:::::-::

Package	CPE	Advisory	Released Date
Red Hat Satellite 6.14 for RHEL 8
rubygem-grpc-0:1.58.0-1.el8sat	cpe:/a:redhat:satellite:6.14::el8	RHSA-2024:0797	2024-02-13T00:00:00Z

References

Link	Providers
https://github.com/advisories/GHSA-p25m-jpj4-qcrr
https://github.com/grpc/grpc/pull/33656
https://github.com/grpc/grpc/pull/33667
https://github.com/grpc/grpc/pull/33669
https://github.com/grpc/grpc/pull/33670
https://github.com/grpc/grpc/pull/33672
https://nvd.nist.gov/vuln/detail/CVE-2023-4785
https://www.cve.org/CVERecord?id=CVE-2023-4785

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2023-09-13T16:31:55.664Z

Updated: 2024-08-02T07:38:00.495Z

Reserved: 2023-09-06T04:50:57.530Z

Link: CVE-2023-4785

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-13T17:15:10.227

Modified: 2023-09-19T16:02:53.477

Link: CVE-2023-4785

Redhat

Severity : Moderate

Publid Date: 2023-09-14T00:00:00Z

Links: CVE-2023-4785 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4785", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2023-09-06T04:50:57.530Z", "datePublished": "2023-09-13T16:31:55.664Z", "dateUpdated": "2024-08-02T07:38:00.495Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Posix-compatible platforms"], "product": "gRPC", "repo": "https://github.com/grpc/grpc", "vendor": "Google", "versions": [{"lessThan": "1.23", "status": "unaffected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "1.57"}, {"changes": [{"at": "1.56.2", "status": "unaffected"}], "lessThanOrEqual": "1.56.1", "status": "affected", "version": "1.56.0", "versionType": "custom"}, {"changes": [{"at": "1.55.3", "status": "unaffected"}], "lessThanOrEqual": "1.55.2", "status": "affected", "version": "1.55.0", "versionType": "custom"}, {"changes": [{"at": "1.54.3", "status": "unaffected"}], "lessThanOrEqual": "154.2", "status": "affected", "version": "1.54.0", "versionType": "custom"}, {"changes": [{"at": "1.53.2", "status": "unaffected"}], "lessThanOrEqual": "1.53.1", "status": "affected", "version": "1.53.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. "}], "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u00a0"}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2023-09-13T16:37:13.825Z"}, "references": [{"url": "https://github.com/grpc/grpc/pull/33656"}, {"url": "https://github.com/grpc/grpc/pull/33667"}, {"url": "https://github.com/grpc/grpc/pull/33669"}, {"url": "https://github.com/grpc/grpc/pull/33670"}, {"url": "https://github.com/grpc/grpc/pull/33672"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of Service in gRPC Core ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.495Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/grpc/grpc/pull/33656", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33667", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33669", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33670", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33672", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "matchCriteriaId": "988AD4A4-5F77-4474-B06B-7677D748F1AC", "versionEndExcluding": "1.53.2", "versionStartIncluding": "1.23.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "matchCriteriaId": "1A6B7840-8878-4F83-977A-1AF53E103F51", "versionEndExcluding": "1.54.3", "versionStartIncluding": "1.54.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "matchCriteriaId": "75EDD526-0BB3-43B4-9158-B3D9593E7368", "versionEndExcluding": "1.55.3", "versionStartIncluding": "1.55.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grpc:grpc:1.56.0:*:*:*:*:-:*:*", "matchCriteriaId": "DB59E93E-4F0B-49D7-AD20-AC7B3A151195", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u00a0"}, {"lang": "es", "value": "La falta de manejo de errores en el servidor TCP en gRPC de Google a partir de la versi\u00f3n 1.23 en plataformas compatibles con posix (por ejemplo, Linux) permite a un atacante provocar una denegaci\u00f3n de servicio al iniciar una cantidad significativa de conexiones con el servidor. Tenga en cuenta que gRPC C++ Python y Ruby se ven afectados, pero gRPC Java y Go NO se ven afectados."}], "id": "CVE-2023-4785", "lastModified": "2023-09-19T16:02:53.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2023-09-13T17:15:10.227", "references": [{"source": "cve-coordination@google.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/grpc/grpc/pull/33656"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33667"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33669"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33670"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33672"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-248"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0797", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "impact": "moderate", "package": "rubygem-grpc-0:1.58.0-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-02-13T00:00:00Z"}], "bugzilla": {"description": "gRPC: file descriptor exhaustion leads to denial of service", "id": "2239017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239017"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-248", "details": ["Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u00a0", "A flaw was found in gRPC. Lack of error handling in the TCP server in Google's gRPC, starting in version 1.23 on POSIX-compatible platforms (for example, Linux), allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected."], "name": "CVE-2023-4785", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "grpc", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-kuryr-cni-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-kuryr-controller-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2023-09-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-4785\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4785\nhttps://github.com/advisories/GHSA-p25m-jpj4-qcrr\nhttps://github.com/grpc/grpc/pull/33656\nhttps://github.com/grpc/grpc/pull/33667\nhttps://github.com/grpc/grpc/pull/33669\nhttps://github.com/grpc/grpc/pull/33670\nhttps://github.com/grpc/grpc/pull/33672"], "threat_severity": "Moderate", "upstream_fix": "grpc 1.53.2, grpc 1.54.3, grpc 1.55.3, grpc 1.56.2"}