all InfoSec news
CVE-2023-1428 (grpc)
June 9, 2023, 11:15 a.m. |
National Vulnerability Database web.nvd.nist.gov
The following headers cause gRPC's C++ implementation to abort() when called via http2:
te: x (x != trailers)
:scheme: x (x != http, https)
grpclb_client_stats: x (x == anything)
On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
called cve grpc header headers http http2 https implementation vulnerability
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-21380 (android)
6 months ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Principal - Cyber Risk and Assurance - Infra/Network
@ GSK | Bengaluru Luxor North Tower
Staff Security Engineer
@ Airwallex | AU - Melbourne
Chief Information Security Officer
@ Australian Payments Plus | Sydney, New South Wales, Australia
TW Test Automation Engineer (Access Control & Intrusion Systems)
@ Bosch Group | Taipei, Taiwan
Consultant infrastructure sécurité H/F
@ Hifield | Sèvres, France
SOC Analyst
@ Wix | Tel Aviv, Israel