CVE-2023-33953

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33953

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33953.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33953

Aliases

GHSA-496j-2rq6-j6cc

Related

Published

2023-08-09T13:15:09Z

Modified

2025-02-19T03:35:18.315280Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:

Unbounded memory buffering in the HPACK parser
Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…

References

Affected packages

Debian:11 / grpc

Package

Name: grpc
Purl: pkg:deb/debian/grpc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.30.2-3

1.30.2-4

1.30.2-4+0.riscv64.1

1.30.2-4+0.riscv64.2

1.44.0-1

1.44.0-2

1.44.0-3

1.50.1-1

1.51.0-1

1.51.1-1

1.51.1-2

1.51.1-3

1.51.1-4

1.51.1-4.1~exp1

1.51.1-4.1

1.51.1-5

1.59.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / grpc

Package

Name: grpc
Purl: pkg:deb/debian/grpc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-3

1.51.1-4

1.51.1-4.1~exp1

1.51.1-4.1

1.51.1-5

1.59.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / grpc

Package

Name: grpc
Purl: pkg:deb/debian/grpc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-3

1.51.1-4

1.51.1-4.1~exp1

1.51.1-4.1

1.51.1-5

1.59.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/grpc/grpc

Affected ranges

Type: GIT
Repo: https://github.com/grpc/grpc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

afb307fb89ed83f358d82b5d359034a039a95e66

Type: GIT
Repo: https://github.com/grpc/grpc-go
Events: Introduced

0ed709c4a71d08e5877b4bfb41c2747b0d1c3240

Fixed

faab8736bf73291f92b867d5dae31c927d53d508

Affected versions

1.*

1.33.1

objective-c-v1.*

objective-c-v1.0.0-pre1

objective-c-v1.0.2

Other

release-0_10_0

release-0_11

release-0_11_0

release-0_11_1

release-0_12

release-0_12_0

release-0_13_0

release-0_13_1

release-0_14

release-0_14_0

release-0_14_1

release-0_15_0

release-0_15_1

release-0_5_0

release-0_6

release-0_6_0

release-0_9_0

release_test

release-0_10_0-objectivec-0.*

release-0_10_0-objectivec-0.6.0

release-0_11_1-objectivec-0.*

release-0_11_1-objectivec-0.11.1

release-0_12_0-objectivec-0.*

release-0_12_0-objectivec-0.12.0

release-0_14_0-objective-c-0.*

release-0_14_0-objective-c-0.14.0

release-0_14_0-objectivec-0.*

release-0_14_0-objectivec-0.14.0

release-0_9_1-objectivec-0.*

release-0_9_1-objectivec-0.5.1

v0.*

v0.15.0

v1.*

v1.0.0

v1.0.0-pre2

v1.0.1

v1.0.1-pre1

v1.1.0

v1.1.0-pre1

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.10.0

v1.10.0-pre1

v1.10.0-pre2

v1.10.1

v1.10.1-pre1

v1.11.0

v1.11.0-pre1

v1.11.0-pre2

v1.12.0

v1.12.0-pre1

v1.12.1

v1.13.0

v1.13.0-pre1

v1.13.0-pre2

v1.13.0-pre3

v1.14.0

v1.14.0-pre1

v1.14.0-pre2

v1.14.1

v1.15.0

v1.15.0-pre1

v1.15.1

v1.16.0

v1.16.0-pre1

v1.16.1

v1.16.1-pre1

v1.17.0

v1.17.0-pre1

v1.17.0-pre2

v1.17.0-pre3

v1.17.1

v1.17.1-pre1

v1.17.2

v1.18.0

v1.18.0-pre1

v1.19.0

v1.19.0-pre1

v1.19.1

v1.2.0

v1.2.0-pre2

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.20.0

v1.20.0-pre1

v1.20.0-pre2

v1.20.0-pre3

v1.20.1

v1.21.0

v1.21.0-pre1

v1.21.1

v1.21.2

v1.21.3

v1.21.3-pre1

v1.21.4

v1.21.4-pre1

v1.22.0

v1.22.0-pre1

v1.23.0

v1.23.0-pre1

v1.24.0

v1.24.0-pre1

v1.24.0-pre2

v1.24.1

v1.24.2

v1.24.3

v1.25.0

v1.25.0-pre1

v1.26.0

v1.26.0-pre1

v1.29.0

v1.29.1

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.30.0

v1.30.0-pre1

v1.30.1

v1.30.2

v1.31.0

v1.31.0-pre1

v1.31.0-pre2

v1.31.1

v1.32.0

v1.32.0-pre1

v1.33.0

v1.33.0-pre1

v1.33.0-pre2

v1.33.1

v1.33.2

v1.34.0

v1.34.0-pre1

v1.35.0-pre1

v1.4.0

v1.4.0-pre1

v1.4.1

v1.41.0-pre1

v1.53.0

v1.53.0-pre1

v1.53.0-pre2

v1.53.1

v1.56.0

v1.56.0-dev

v1.56.1

v1.6.0

v1.6.0-pre1

v1.6.1

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.0-pre2

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.9.0

v1.9.0-pre1

v1.9.0-pre2

v1.9.0-pre3

v1.9.1