Uncaught Exception
CVE-2023-4785
Summary
Lack of error handling in the TCP server in Google's gRPC versions 1.23.0-pre1 through 1.53.1, 1.54.0-pre1 through 1.54.2, 1.55.0-pre1 through 1.55.1 and 1.56.0-pre1 through 1.56.1 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service (DoS) by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-248 - Uncaught Exception
An exception is thrown from a function, but it is not caught.