Security Advisories

CGA-8cf4-mmm4-2rr5

https://images.chainguard.dev/security/CGA-8cf4-mmm4-2rr5
Package

calico

Latest Update

Fixed

Fixed Version

3.26.1-r5

Aliases
  • CVE-2023-32731
  • GHSA-cfgp-2977-2fmm

Severity

7.4 High (CVSS v3)

Summary

Connection confusion in gRPC

Description

When the gRPC HTTP/2 stack raised a header-size-exceeded error, it stopped parsing the rest of the HPACK-encoded header block. Any dynamic-table mutations carried by the skipped remainder were therefore never applied on the receiving side, leaving the HPACK tables of sender and receiver desynchronized. Between a proxy and a backend, for example, an index that the proxy later sends can resolve to a different entry on the backend, so requests from the proxy may be interpreted as containing headers that belong to other proxy clients: an information leak that can be used for privilege escalation or data exfiltration. Upgrade beyond the commit contained in https://github.com/grpc/grpc/pull/32309; Chainguard's calico package carries the fix from 3.26.1-r5.
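To make the desynchronization concrete, here is an added example (it is not gRPC's, Calico's or Chainguard's code) built on a toy HPACK encoder/decoder. The scenario is constructed: a proxy multiplexes two clients over one backend connection, client B sends a header that exceeds the backend's header-list limit, and the cookie that follows it in the same block is added to the proxy's dynamic table but, in the vulnerable mode, never to the backend's. The names `run_scenario`, `parse_to_end`, the 1024-byte limit and the header values are all assumptions of this example; Huffman strings, dynamic-table size updates and most of the static table are deliberately not modeled.

```python
"""Toy HPACK (RFC 7541) encoder/decoder showing the table desync behind CVE-2023-32731.
Constructed example, not gRPC's implementation.  Only the first 8 static entries are
modeled; Huffman strings and dynamic-table size updates raise instead."""

STATIC = [(":authority", ""), (":method", "GET"), (":method", "POST"), (":path", "/"),
          (":path", "/index.html"), (":scheme", "http"), (":scheme", "https"), (":status", "200")]
STATIC_SIZE = 61      # RFC 7541 static table length; dynamic entries start at index 62


def encode_int(value, prefix_bits, flags):
    """RFC 7541 section 5.1 integer with an N-bit prefix; flags are the leading pattern bits."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([flags | value])
    out, value = bytearray([flags | limit]), value - limit
    while value >= 128:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def decode_int(data, pos, prefix_bits):
    limit = (1 << prefix_bits) - 1
    value, pos = data[pos] & limit, pos + 1
    if value < limit:
        return value, pos
    shift = 0
    while True:
        b, pos = data[pos], pos + 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def encode_str(s):
    b = s.encode()
    return encode_int(len(b), 7, 0x00) + b          # H bit clear: raw octets, no Huffman


def decode_str(data, pos):
    if data[pos] & 0x80:
        raise ValueError("Huffman-coded strings not modeled")
    n, pos = decode_int(data, pos, 7)
    return data[pos:pos + n].decode(), pos + n


class DynamicTable:
    """One endpoint's HPACK dynamic table; newest entry first (RFC 7541 section 2.3.2)."""
    def __init__(self, max_size=4096):
        self.entries, self.max_size = [], max_size

    def add(self, name, value):
        self.entries.insert(0, (name, value))
        while sum(len(n) + len(v) + 32 for n, v in self.entries) > self.max_size:
            self.entries.pop()                      # evict the oldest entry

    def lookup(self, idx):
        if 1 <= idx <= len(STATIC):
            return STATIC[idx - 1]
        if idx <= STATIC_SIZE:
            raise ValueError(f"static index {idx} not modeled")
        d = idx - STATIC_SIZE - 1
        if d >= len(self.entries):
            raise ValueError(f"index {idx} beyond dynamic table")
        return self.entries[d]

    def find(self, name, value):
        if (name, value) in STATIC:
            return STATIC.index((name, value)) + 1
        if (name, value) in self.entries:
            return STATIC_SIZE + 1 + self.entries.index((name, value))
        return None


def encode_block(table, headers):
    """headers: (name, value, index) triples; index=True asks for incremental indexing."""
    out = bytearray()
    for name, value, index in headers:
        idx = table.find(name, value)
        if idx is not None:
            out += encode_int(idx, 7, 0x80)                                      # indexed
        elif index:
            out += encode_int(0, 6, 0x40) + encode_str(name) + encode_str(value)  # add to table
            table.add(name, value)
        else:
            out += encode_int(0, 4, 0x00) + encode_str(name) + encode_str(value)  # not indexed
    return bytes(out)


def decode_block(table, data, max_header_list_size, parse_to_end):
    """Returns (headers, None) or (None, error).  parse_to_end=False reproduces the
    vulnerable behaviour: bail out at the first size violation, so table mutations
    later in the block are never applied.  parse_to_end=True is the fixed behaviour:
    finish decoding (keeping the table in sync) and only then reject the header list."""
    headers, total, error, pos = [], 0, None, 0
    while pos < len(data):
        b = data[pos]
        if b & 0x80:                                # indexed header field
            idx, pos = decode_int(data, pos, 7)
            name, value = table.lookup(idx)
            add = False
        elif b & 0x20 and not b & 0x40:
            raise ValueError("dynamic table size update not modeled")
        else:                                       # literal; 0x40 = incremental indexing
            add = bool(b & 0x40)
            idx, pos = decode_int(data, pos, 6 if add else 4)
            if idx:
                name = table.lookup(idx)[0]
            else:
                name, pos = decode_str(data, pos)
            value, pos = decode_str(data, pos)
        if add:
            table.add(name, value)
        total += len(name) + len(value) + 32        # RFC 7540 section 6.5.2 header list size
        if total > max_header_list_size and error is None:
            error = "header list size exceeded"
            if not parse_to_end:
                return None, error                  # vulnerable: rest of the block is skipped
        headers.append((name, value))
    return (None, error) if error else (headers, None)


def run_scenario(parse_to_end, limit=1024):
    """Constructed scenario: a proxy multiplexes clients A and B over one backend connection."""
    proxy, backend = DynamicTable(), DynamicTable()
    # 1. client A: its bearer token lands at dynamic index 62 on both sides
    blk = encode_block(proxy, [(":method", "GET", False), (":path", "/a", False),
                               ("authorization", "Bearer tokenA", True)])
    decode_block(backend, blk, limit, parse_to_end)
    # 2. client B: an oversized header trips the limit; the cookie after it is indexed
    blk = encode_block(proxy, [(":method", "GET", False), ("x-big", "A" * 2000, False),
                               ("cookie", "session=B", True)])
    _, err2 = decode_block(backend, blk, limit, parse_to_end)
    # 3. client B again: the proxy now sends its cookie as a reference to index 62
    blk = encode_block(proxy, [(":method", "GET", False), (":path", "/admin", False),
                               ("cookie", "session=B", True)])
    hdrs3, _ = decode_block(backend, blk, limit, parse_to_end)
    return {"req2_error": err2, "req3_headers": hdrs3,
            "proxy_table": list(proxy.entries), "backend_table": list(backend.entries)}


if __name__ == "__main__":
    for mode in (False, True):
        print("fixed" if mode else "vulnerable", run_scenario(parse_to_end=mode)["req3_headers"])
```

In the vulnerable run the backend's table still holds client A's `authorization` at index 62, so client B's third request decodes as carrying A's bearer token, which is the cross-client header confusion the advisory describes. With `parse_to_end=True` the second request is still rejected, but the table mutation is applied and the third request decodes as `cookie: session=B`. The real fix in the linked pull request follows the same principle: an error on header size must not short-circuit the HPACK state machine.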

References

  • https://github.com/grpc/grpc/pull/32309

© 2024 Chainguard. All Rights Reserved.