CVE-2023-4785
Severity: HIGH (CVSS 3.1 base score 7.5)
EPSS: 47.2%
Published: Sep 13, 2023 · Last modified: Jun 17, 2026
Description
Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections to the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
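The description does not say which accept-path error goes unhandled. A POSIX accept() loop that treats every unexpected errno as fatal is the textbook way a connection flood becomes a lasting outage: once the flood exhausts file descriptors, accept() fails, the loop tears down the listener, and the server keeps refusing clients long after the attacker is gone. The following example is added for this page and is not gRPC's code; the EMFILE-centred scenario, the function names, the backoff intervals and the loopback round-trip check are assumptions made for illustration. It shows the naive error classification beside a hardened one, and an accept loop that survives descriptor exhaustion by backing off instead of abandoning the listening socket:

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum accept_action {  /* what to do after accept() returns -1 with a given errno */
    ACCEPT_RETRY,    /* call accept() again right away */
    ACCEPT_WAIT,     /* backlog empty: return to the poller and wait for readability */
    ACCEPT_BACKOFF,  /* resource exhaustion: pause briefly, keep the listener open */
    ACCEPT_FATAL     /* the listening socket itself is unusable: tear it down */
};

/* Vulnerable pattern (assumed for illustration, not gRPC's code): only the two "expected"
 * errors are handled. Anything else, including running out of file descriptors under a
 * connection flood (EMFILE), is fatal: the listener is closed and stays closed. */
enum accept_action classify_accept_error_naive(int err) {
    switch (err) {
    case EINTR:  return ACCEPT_RETRY;
    case EAGAIN: return ACCEPT_WAIT;   /* EWOULDBLOCK has the same value on Linux */
    default:     return ACCEPT_FATAL;
    }
}

/* Hardened classification: exhaustion and per-connection errors are transient. */
enum accept_action classify_accept_error(int err) {
    switch (err) {
    case EINTR:
    case ECONNABORTED:  /* peer went away before we accepted: take the next one */
    case EPROTO:        /* Linux delivers pending errors of the *new* socket through */
    case ENETDOWN:      /* accept(); accept(2) says to treat them like EAGAIN: retry */
        return ACCEPT_RETRY;
    case EAGAIN:
        return ACCEPT_WAIT;
    case EMFILE:        /* per-process descriptor limit reached */
    case ENFILE:        /* system-wide file table full */
    case ENOBUFS: case ENOMEM:
        return ACCEPT_BACKOFF;
    default:            /* EBADF, EINVAL, ENOTSOCK, EFAULT: the listener is broken */
        return ACCEPT_FATAL;
    }
}

/* Drain the backlog of a non-blocking listening socket once. Returns the number of
 * connections handed to on_conn, or -1 if the listener had to be abandoned. Exhaustion
 * never closes the listener: pending connections wait in the kernel while we back off. */
int accept_pending(int listen_fd, void (*on_conn)(int)) {
    int accepted = 0, backoff_ms = 10;
    for (;;) {
        int fd = accept(listen_fd, NULL, NULL);
        if (fd >= 0) { on_conn(fd); accepted++; continue; }
        switch (classify_accept_error(errno)) {
        case ACCEPT_RETRY:
            continue;
        case ACCEPT_WAIT:
            return accepted;
        case ACCEPT_BACKOFF:
            fprintf(stderr, "accept: %s, retrying in %d ms\n", strerror(errno), backoff_ms);
            poll(NULL, 0, backoff_ms);               /* portable millisecond sleep */
            if (backoff_ms < 1000) backoff_ms *= 2;  /* cap the retry interval at 1 s */
            continue;
        case ACCEPT_FATAL:
            return -1;
        }
    }
}
void close_conn(int fd) { close(fd); }

/* Self-contained check: loopback listener, drain the empty backlog, connect one client,
 * drain again. Returns 1 on success or a negative step number on failure. */
int demo_round_trip(void) {
    struct sockaddr_in addr; socklen_t len = sizeof addr;
    int l = socket(AF_INET, SOCK_STREAM, 0), c, got;
    if (l < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* sin_port 0: kernel picks one */
    if (bind(l, (struct sockaddr *)&addr, len) < 0 || listen(l, 16) < 0 ||
        getsockname(l, (struct sockaddr *)&addr, &len) < 0 ||
        fcntl(l, F_SETFL, fcntl(l, F_GETFL) | O_NONBLOCK) < 0) { close(l); return -2; }
    if (accept_pending(l, close_conn) != 0) { close(l); return -3; }  /* EAGAIN -> 0 */
    c = socket(AF_INET, SOCK_STREAM, 0);
    if (c < 0 || connect(c, (struct sockaddr *)&addr, len) < 0) { close(l); return -4; }
    got = accept_pending(l, close_conn);             /* one connection, then EAGAIN */
    close(c); close(l);
    return got;
}

int main(void) {
    printf("EMFILE: naive says %s, hardened says %s\n",
           classify_accept_error_naive(EMFILE) == ACCEPT_FATAL ? "fatal" : "recoverable",
           classify_accept_error(EMFILE) == ACCEPT_BACKOFF ? "back off and retry" : "?");
    printf("loopback round trip: %d connection(s) accepted\n", demo_round_trip());
    return 0;
}
```

Build with `cc -Wall -o accept_demo accept_demo.c` and run it on Linux. The inline sleep in the ACCEPT_BACKOFF branch is a simplification: an event-driven server would arm a timer and return to its poller so other work continues while descriptors free up. Two operational checks go with the code fix: raise the process descriptor limit (`ulimit -n`) so the accept queue is not the first resource to run out, and put per-client connection limits or a reverse proxy in front of any gRPC C-core server that cannot be upgraded, since a single client can otherwise hold the whole descriptor budget.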
CVSS Details
Base score: 7.5 (CVSS 3.1)
Exploitability subscore: 3.9
Impact subscore: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Threat Intelligence
EPSS Exploit Probability
47.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses (1)
- CWE-248: Uncaught Exception
Affected Products (4)
References (5)
- github.com https://github.com/grpc/grpc/pull/33656
- github.com https://github.com/grpc/grpc/pull/33667
- github.com https://github.com/grpc/grpc/pull/33669
- github.com https://github.com/grpc/grpc/pull/33670
- github.com https://github.com/grpc/grpc/pull/33672
Remediation
- github.com https://github.com/grpc/grpc/pull/33656