CVE-2023-32732 Information
Description
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
Reference
https://github.com/grpc/grpc/pull/32309
gRPC
contains
a
vulnerability
whereby
a
client
can
cause
a
termination
of
connection
between
a
HTTP2
proxy
and
a
gRPC
server:
a
base64
encoding
error
for
-bin
suffixed
headers
will
result
in
a
disconnection
by
the
gRPC
server
but
is
typically
allowed
by
HTTP2
proxies.
We
recommend
upgrading
beyond
the
commit
in
https://github.com/grpc/grpc/pull/32309
https://www.google.com/url