{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-4785", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2023-09-06T04:50:57.530Z", "datePublished": "2023-09-13T16:31:55.664Z", "dateUpdated": "2026-01-12T15:34:12.725Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Posix-compatible platforms"], "product": "gRPC", "repo": "https://github.com/grpc/grpc", "vendor": "Google", "versions": [{"lessThan": "1.23", "status": "unaffected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "1.57"}, {"changes": [{"at": "1.56.2", "status": "unaffected"}], "lessThanOrEqual": "1.56.1", "status": "affected", "version": "1.56.0", "versionType": "custom"}, {"changes": [{"at": "1.55.3", "status": "unaffected"}], "lessThanOrEqual": "1.55.2", "status": "affected", "version": "1.55.0", "versionType": "custom"}, {"changes": [{"at": "1.54.3", "status": "unaffected"}], "lessThanOrEqual": "1.54.2", "status": "affected", "version": "1.54.0", "versionType": "custom"}, {"changes": [{"at": "1.53.2", "status": "unaffected"}], "lessThanOrEqual": "1.53.1", "status": "affected", "version": "1.53.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. "}], "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected."}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2026-01-12T15:34:12.725Z"}, "references": [{"url": "https://github.com/grpc/grpc/pull/33656"}, {"url": "https://github.com/grpc/grpc/pull/33667"}, {"url": "https://github.com/grpc/grpc/pull/33669"}, {"url": "https://github.com/grpc/grpc/pull/33670"}, {"url": "https://github.com/grpc/grpc/pull/33672"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of Service in gRPC Core", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.495Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/grpc/grpc/pull/33656", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33667", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33669", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33670", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33672", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "grpc", "product": "grpc", "cpes": ["cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.23", "versionType": "custom"}, {"version": "1.57", "status": "affected"}, {"version": "1.56.0", "status": "affected", "lessThanOrEqual": "1.56.1", "versionType": "custom"}, {"version": "1.55.0", "status": "affected", "lessThanOrEqual": "155.2", "versionType": "custom"}, {"version": "1.54.0", "status": "affected", "lessThanOrEqual": "1.54.2", "versionType": "custom"}, {"version": "1.53.0", "status": "affected", "lessThanOrEqual": "1.53.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T18:02:01.004344Z", "id": "CVE-2023-4785", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:05:52.337Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/grpc/grpc/pull/33656", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33667", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33669", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33670", "tags": ["x_transferred"]}, {"url": "https://github.com/grpc/grpc/pull/33672", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.495Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4785", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-25T18:02:01.004344Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"], "vendor": "grpc", "product": "grpc", "versions": [{"status": "affected", "version": "0", "lessThan": "1.23", "versionType": "custom"}, {"status": "affected", "version": "1.57"}, {"status": "affected", "version": "1.56.0", "versionType": "custom", "lessThanOrEqual": "1.56.1"}, {"status": "affected", "version": "1.55.0", "versionType": "custom", "lessThanOrEqual": "155.2"}, {"status": "affected", "version": "1.54.0", "versionType": "custom", "lessThanOrEqual": "1.54.2"}, {"status": "affected", "version": "1.53.0", "versionType": "custom", "lessThanOrEqual": "1.53.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T18:04:26.086Z"}}], "cna": {"title": "Denial of Service in gRPC Core", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125 Flooding"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/grpc/grpc", "vendor": "Google", "product": "gRPC", "versions": [{"status": "unaffected", "version": "0", "lessThan": "1.23", "versionType": "custom"}, {"status": "unaffected", "version": "1.57"}, {"status": "affected", "changes": [{"at": "1.56.2", "status": "unaffected"}], "version": "1.56.0", "versionType": "custom", "lessThanOrEqual": "1.56.1"}, {"status": "affected", "changes": [{"at": "1.55.3", "status": "unaffected"}], "version": "1.55.0", "versionType": "custom", "lessThanOrEqual": "1.55.2"}, {"status": "affected", "changes": [{"at": "1.54.3", "status": "unaffected"}], "version": "1.54.0", "versionType": "custom", "lessThanOrEqual": "1.54.2"}, {"status": "affected", "changes": [{"at": "1.53.2", "status": "unaffected"}], "version": "1.53.0", "versionType": "custom", "lessThanOrEqual": "1.53.1"}], "platforms": ["Posix-compatible platforms"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/grpc/grpc/pull/33656"}, {"url": "https://github.com/grpc/grpc/pull/33667"}, {"url": "https://github.com/grpc/grpc/pull/33669"}, {"url": "https://github.com/grpc/grpc/pull/33670"}, {"url": "https://github.com/grpc/grpc/pull/33672"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.", "supportingMedia": [{"type": "text/html", "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2026-01-12T15:34:12.725Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4785", "state": "PUBLISHED", "dateUpdated": "2026-01-12T15:34:12.725Z", "dateReserved": "2023-09-06T04:50:57.530Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2023-09-13T16:31:55.664Z", "assignerShortName": "Google"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "matchCriteriaId": "988AD4A4-5F77-4474-B06B-7677D748F1AC", "versionEndExcluding": "1.53.2", "versionStartIncluding": "1.23.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "matchCriteriaId": "1A6B7840-8878-4F83-977A-1AF53E103F51", "versionEndExcluding": "1.54.3", "versionStartIncluding": "1.54.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*", "matchCriteriaId": "75EDD526-0BB3-43B4-9158-B3D9593E7368", "versionEndExcluding": "1.55.3", "versionStartIncluding": "1.55.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:grpc:grpc:1.56.0:*:*:*:*:-:*:*", "matchCriteriaId": "DB59E93E-4F0B-49D7-AD20-AC7B3A151195", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected."}, {"lang": "es", "value": "La falta de manejo de errores en el servidor TCP en gRPC de Google a partir de la versi\u00f3n 1.23 en plataformas compatibles con posix (por ejemplo, Linux) permite a un atacante provocar una denegaci\u00f3n de servicio al iniciar una cantidad significativa de conexiones con el servidor. Tenga en cuenta que gRPC C++ Python y Ruby se ven afectados, pero gRPC Java y Go NO se ven afectados."}], "id": "CVE-2023-4785", "lastModified": "2026-01-12T16:16:03.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-13T17:15:10.227", "references": [{"source": "cve-coordination@google.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/grpc/grpc/pull/33656"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33667"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33669"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33670"}, {"source": "cve-coordination@google.com", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33672"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/grpc/grpc/pull/33656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/grpc/grpc/pull/33672"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "cve-coordination@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0797", "cpe": "cpe:/a:redhat:satellite:6.14::el8", "impact": "moderate", "package": "rubygem-grpc-0:1.58.0-1.el8sat", "product_name": "Red Hat Satellite 6.14 for RHEL 8", "release_date": "2024-02-13T00:00:00Z"}], "bugzilla": {"description": "gRPC: file descriptor exhaustion leads to denial of service", "id": "2239017", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239017"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-248", "details": ["Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.\u00a0", "A flaw was found in gRPC. Lack of error handling in the TCP server in Google's gRPC, starting in version 1.23 on POSIX-compatible platforms (for example, Linux), allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected."], "name": "CVE-2023-4785", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "grpc", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-kuryr-cni-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-kuryr-controller-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2023-09-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-4785\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4785\nhttps://github.com/advisories/GHSA-p25m-jpj4-qcrr\nhttps://github.com/grpc/grpc/pull/33656\nhttps://github.com/grpc/grpc/pull/33667\nhttps://github.com/grpc/grpc/pull/33669\nhttps://github.com/grpc/grpc/pull/33670\nhttps://github.com/grpc/grpc/pull/33672"], "threat_severity": "Moderate"}