Skip to main content

Expected Behavior Violation


Severity High
Score 7.5/10


When the gRPC HTTP2 stack raised a header size exceeded error in versions in versions 1.53.0-pre1 through 1.53.0, 1.54.0-pre1 through 1.54.1, and 1.55.0-pre1, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.

  • LOW
  • NONE
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-440 - Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

Advisory Timeline

  • Published