Uncaught Exception

CVE-2023-4785

Severity High
Score 7.5/10

Summary

Lack of error handling in the TCP server in Google's gRPC versions 1.23.0-pre1 through 1.53.1, 1.54.0-pre1 through 1.54.2, 1.55.0-pre1 through 1.55.1, and 1.56.0-pre1 through 1.56.1 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service (DoS) by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-248 - Uncaught Exception

An exception is thrown from a function, but it is not caught.

Advisory Timeline

  • Published