Expected Behavior Violation
CVE-2023-32731
Summary
When the gRPC HTTP2 stack raised a header size exceeded error in versions in versions 1.53.0-pre1 through 1.53.0, 1.54.0-pre1 through 1.54.1, and 1.55.0-pre1, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-440 - Expected Behavior Violation
A feature, API, or function does not perform according to its specification.
References
Advisory Timeline
- Published