Expected Behavior Violation
CVE-2024-7246
Summary
A gRPC client communicating with an HTTP/2 proxy can poison the HPACK table shared between the proxy and the backend, causing other clients to experience failed requests. Additionally, this vulnerability can be exploited to leak other clients' HTTP header keys, but not their values. This issue arises because the error status for a misencoded header is not cleared between header reads, so subsequent (incrementally indexed) headers in the first request are poisoned until they are evicted from the HPACK table. The vulnerability affects GRPC and GRPCIO versions through v1.58.2, 1.59.0 through v1.59.4, 1.60.0 through v1.60.1, 1.61.0 through 1.61.2, v1.62.0 through v1.62.2, 1.63.0 through v1.63.1, 1.64.0 through v1.64.2, 1.65.0 through v1.65.3 and v1.66.0-pre1.
- HIGH
- NETWORK
- NONE
- CHANGED
- NONE
- NONE
- NONE
- LOW
CWE-440 - Expected Behavior Violation
A feature, API, or function does not perform according to its specification.
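As an added illustration of the failure pattern the summary describes, the following is a constructed Python model of a per-connection header decoder whose error status is not reset between header reads, run beside the same decoder with the reset in place. It is not gRPC's HPACK implementation: the class, the ASCII-based notion of a "misencoded" literal, the header names, the index numbering and the `POISONED` marker are all assumptions made for the model. It shows only the state-handling point (a sticky error from one header contaminating the next, incrementally indexed header in the shared table, so that a later request referencing that entry fails); it does not reproduce the real wire format or the real leak mechanism.

```python
# Constructed, simplified model of the "error status not cleared between
# header reads" pattern. NOT gRPC's HPACK code; all names are invented.
from typing import List, Optional, Tuple

POISONED = object()  # sentinel stored in place of a value for a poisoned entry


class ModelHpackDecoder:
    """Per-connection decoder state: a dynamic table shared by every request
    carried on the proxy->backend connection, plus the error status for the
    header field currently being read."""

    def __init__(self, reset_error_per_header: bool) -> None:
        self.reset_error_per_header = reset_error_per_header  # False = buggy
        self.dynamic_table: List[Tuple[str, object]] = []
        self.error: Optional[str] = None

    @staticmethod
    def _decode_literal(raw: bytes) -> str:
        # Model a "misencoded" literal as one that is not valid ASCII.
        try:
            return raw.decode("ascii")
        except UnicodeDecodeError as exc:
            raise ValueError("misencoded header literal") from exc

    def decode_request(self, fields) -> List[Tuple[str, str]]:
        """fields: header field representations, each either
        ('literal', raw_name, raw_value, add_to_table) or ('indexed', index).
        Returns the successfully decoded (name, value) pairs."""
        decoded: List[Tuple[str, str]] = []
        for field in fields:
            if self.reset_error_per_header:
                self.error = None  # fixed behaviour: status is per header
            if field[0] == "indexed":
                name, value = self.dynamic_table[field[1]]
                if value is POISONED:
                    # Another client's request hits the contaminated entry.
                    raise RuntimeError(f"poisoned table entry for header {name!r}")
                decoded.append((name, value))
                continue
            _, raw_name, raw_value, add_to_table = field
            try:
                name = self._decode_literal(raw_name)
                value = self._decode_literal(raw_value)
            except ValueError as exc:
                self.error = str(exc)
                continue  # the malformed header itself is dropped
            if self.error is not None:
                # Sticky error: a valid header read after the bad one is still
                # treated as failed, and if it is incrementally indexed the
                # entry enters the shared table in a poisoned state (the name
                # is kept, the value is not; a modelling choice).
                if add_to_table:
                    self.dynamic_table.append((name, POISONED))
                continue
            if add_to_table:
                self.dynamic_table.append((name, value))
            decoded.append((name, value))
        return decoded


def run_scenario(reset_error_per_header: bool):
    """Two requests over one proxy->backend connection.
    Returns (request1_headers, request2_outcome, table_entry_names)."""
    dec = ModelHpackDecoder(reset_error_per_header)
    # Constructed first request: a misencoded literal followed by a valid
    # header that asks to be added to the dynamic table.
    first = [
        ("literal", b"x-bad\xff", b"v", False),
        ("literal", b"x-example-key", b"abc123", True),
    ]
    r1 = dec.decode_request(first)
    # Constructed second request (a different client): reuses the table
    # entry by index; index 0 is this model's numbering, not real HPACK's.
    second = [("indexed", 0)]
    try:
        outcome = ("ok", dec.decode_request(second))
    except RuntimeError as exc:
        outcome = ("failed", str(exc))
    names = [name for name, _ in dec.dynamic_table]
    return r1, outcome, names


if __name__ == "__main__":
    for reset in (False, True):
        label = "fixed (error reset per header)" if reset else "buggy (sticky error)"
        print(label, run_scenario(reset))
```

In the buggy run the second request fails with a message that names the poisoned key, while in the fixed run both requests decode normally; the difference is the single `self.error = None` executed at the top of each header read. A real decoder would reject the whole request that carried the malformed header rather than silently dropping one field; the model keeps that part minimal so the cross-request state contamination stays visible.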
References
Advisory Timeline
- Published