grpc (SUSE:Linux Enterprise Module for Basesystem 15 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP5 package grpc, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2023-33953 — CVSS 7.5 (high): gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in…
CVE-2023-4785 — CVSS 7.5 (high): Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an…
CVE-2024-11407 — CVSS 7.5 (high): There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel…
CVE-2023-32731 — CVSS 7.4 (high): When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table…
CVE-2023-32732 — CVSS 5.3 (medium): gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64…
CVE-2024-7246 — CVSS 5.3 (medium): It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that…