GHSA-p25m-jpj4-qcrr, CVE-2023-4785
pypi/grpcio
Denial of Service Vulnerability in gRPC TCP Server (POSIX-compatible platforms)
Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
All versions starting from 1.53.0 before 1.53.2, all versions starting from 1.54.0 before 1.54.3, all versions starting from 1.55.0 before 1.55.3
Upgrade to versions 1.54.3, 1.55.3, 1.53.2 or above.
2024-02-12