
Expected Behavior Violation

CVE-2023-32732

Severity Medium
Score 5.3/10

Summary

The package gRPC contains an Expected Behavior Violation vulnerability in versions 1.53.0-pre1 through 1.53.0, 1.54.0-pre1 through 1.54.1, and 1.55.0-pre1 whereby a client can cause a termination of the connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for "-bin" suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies.
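As an added example (not code from gRPC or from this advisory), the check below is one that a proxy or middleware in front of a gRPC server could run on request metadata to flag "-bin" headers whose values are not well-formed base64. The function names and sample headers are constructed, and the strict padding rule is an assumption, not gRPC's exact decoder behaviour.

```python
import base64
import binascii
import re

# Standard base64 alphabet followed by at most two padding characters.
_B64_SHAPE = re.compile(r"[A-Za-z0-9+/]*={0,2}")


def is_valid_bin_value(value: str) -> bool:
    """Return True if value is well-formed base64, padded or unpadded."""
    if not _B64_SHAPE.fullmatch(value):
        return False
    # Assumption: if padding is present it must complete a 4-character group.
    if "=" in value and len(value) % 4 != 0:
        return False
    body = value.rstrip("=")
    if len(body) % 4 == 1:  # no byte sequence encodes to this length
        return False
    try:
        base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
    except (binascii.Error, ValueError):
        return False
    return True


def invalid_bin_headers(headers):
    """Return the names of "-bin" headers carrying a malformed value."""
    bad = []
    for name, value in headers:
        if not name.lower().endswith("-bin"):
            continue  # only binary metadata is base64-encoded
        # Values of duplicate header names may arrive joined with ",".
        if not all(is_valid_bin_value(part) for part in value.split(",")):
            bad.append(name)
    return bad


# Constructed sample request metadata (hypothetical header names).
SAMPLE_HEADERS = [
    ("content-type", "application/grpc"),
    ("trace-bin", "AAEC"),        # valid: bytes 00 01 02
    ("token-bin", "YWJj,ZGVm"),   # valid: two joined values
    ("blob-bin", "not*base64"),   # malformed: character outside the alphabet
    ("short-bin", "QUJDR"),       # malformed: impossible length
    ("x-note", "not*base64"),     # not a "-bin" header, ignored
]

if __name__ == "__main__":
    print(invalid_bin_headers(SAMPLE_HEADERS))
```
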

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • LOW

CWE-440 - Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

Advisory Timeline

  • Published