Expected Behavior Violation
CVE-2023-32732
Summary
The package gRPC contains an Expected Behavior Violation vulnerability in versions 1.53.0-pre1 through 1.53.0, 1.54.0-pre1 through 1.54.1, and 1.55.0-pre1, whereby a client can cause a termination of the connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for "-bin" suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- LOW
CWE-440 - Expected Behavior Violation
A feature, API, or function does not perform according to its specification.
References
Advisory Timeline
- Published