Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Google
Published: 2023-09-13T16:31:55.664Z
Updated: 2024-08-02T07:38:00.495Z
Reserved: 2023-09-06T04:50:57.530Z
Link: CVE-2023-4785
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-13T17:15:10.227
Modified: 2023-09-19T16:02:53.477
Link: CVE-2023-4785
Redhat