High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2023-4785
High
Low
Medium
High
Critical
7.5
CVSS Score
Vulnerability Description
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
N
Integrity
N
Availability
H
Known Affected Software
112 configuration(s) from 1 vendor(s)
grpc
Version:
1.49.3
CPE:
cpe:2.3:a:grpc:grpc:1.49.3:*:*:*:*:-:*:*
grpc
Version:
1.53.0
CPE:
cpe:2.3:a:grpc:grpc:1.53.0:-:*:*:*:go:*:*
grpc
Version:
1.24.2
CPE:
cpe:2.3:a:grpc:grpc:1.24.2:*:*:*:*:dart:*:*
grpc
Version:
1.31.2
CPE:
cpe:2.3:a:grpc:grpc:1.31.2:*:*:*:*:dart:*:*
grpc
Version:
1.34.0
CPE:
cpe:2.3:a:grpc:grpc:1.34.0:-:*:*:*:-:*:*
grpc
Version:
1.32.3
CPE:
cpe:2.3:a:grpc:grpc:1.32.3:*:*:*:*:dart:*:*
grpc
Version:
1.26.1
CPE:
cpe:2.3:a:grpc:grpc:1.26.1:*:*:*:*:dart:*:*
grpc
Version:
1.47.0
CPE:
cpe:2.3:a:grpc:grpc:1.47.0:-:*:*:*:go:*:*
grpc
Version:
1.47.1
CPE:
cpe:2.3:a:grpc:grpc:1.47.1:*:*:*:*:-:*:*
grpc
Version:
1.45.1
CPE:
cpe:2.3:a:grpc:grpc:1.45.1:*:*:*:*:-:*:*
grpc
Version:
1.52.3
CPE:
cpe:2.3:a:grpc:grpc:1.52.3:*:*:*:*:go:*:*
grpc
Version:
1.51.2
CPE:
cpe:2.3:a:grpc:grpc:1.51.2:*:*:*:*:-:*:*
grpc
Version:
1.47.2
CPE:
cpe:2.3:a:grpc:grpc:1.47.2:*:*:*:*:-:*:*
grpc
Version:
1.47.3
CPE:
cpe:2.3:a:grpc:grpc:1.47.3:*:*:*:*:-:*:*
grpc
Version:
1.43.2
CPE:
cpe:2.3:a:grpc:grpc:1.43.2:*:*:*:*:-:*:*
grpc
Version:
1.52.0
CPE:
cpe:2.3:a:grpc:grpc:1.52.0:-:*:*:*:go:*:*
grpc
Version:
1.41.1
CPE:
cpe:2.3:a:grpc:grpc:1.41.1:*:*:*:*:-:*:*
grpc
Version:
1.51.1
CPE:
cpe:2.3:a:grpc:grpc:1.51.1:*:*:*:*:-:*:*
grpc
Version:
1.48.3
CPE:
cpe:2.3:a:grpc:grpc:1.48.3:*:*:*:*:-:*:*
grpc
Version:
1.23.0
CPE:
cpe:2.3:a:grpc:grpc:1.23.0:*:*:*:*:go:*:*
grpc
Version:
1.49.0
CPE:
cpe:2.3:a:grpc:grpc:1.49.0:-:*:*:*:go:*:*
grpc
Version:
1.41.2
CPE:
cpe:2.3:a:grpc:grpc:1.41.2:*:*:*:*:dart:*:*
grpc
Version:
1.50.0
CPE:
cpe:2.3:a:grpc:grpc:1.50.0:-:*:*:*:go:*:*
grpc
Version:
1.45.2
CPE:
cpe:2.3:a:grpc:grpc:1.45.2:*:*:*:*:-:*:*
grpc
Version:
1.28.0
CPE:
cpe:2.3:a:grpc:grpc:1.28.0:-:*:*:*:-:*:*
grpc
Version:
1.37.0
CPE:
cpe:2.3:a:grpc:grpc:1.37.0:-:*:*:*:-:*:*
grpc
Version:
1.34.1
CPE:
cpe:2.3:a:grpc:grpc:1.34.1:*:*:*:*:-:*:*
grpc
Version:
1.36.0
CPE:
cpe:2.3:a:grpc:grpc:1.36.0:-:*:*:*:-:*:*
grpc
Version:
1.24.3
CPE:
cpe:2.3:a:grpc:grpc:1.24.3:*:*:*:*:*:*:*
grpc
Version:
1.51.0
CPE:
cpe:2.3:a:grpc:grpc:1.51.0:-:*:*:*:go:*:*
grpc
Version:
1.29.0
CPE:
cpe:2.3:a:grpc:grpc:1.29.0:*:*:*:*:-:*:*
grpc
Version:
1.27.1
CPE:
cpe:2.3:a:grpc:grpc:1.27.1:*:*:*:*:-:*:*
grpc
Version:
1.49.2
CPE:
cpe:2.3:a:grpc:grpc:1.49.2:*:*:*:*:-:*:*
grpc
Version:
1.46.4
CPE:
cpe:2.3:a:grpc:grpc:1.46.4:*:*:*:*:-:*:*
grpc
Version:
1.35.0
CPE:
cpe:2.3:a:grpc:grpc:1.35.0:-:*:*:*:-:*:*
grpc
Version:
1.54.2
CPE:
cpe:2.3:a:grpc:grpc:1.54.2:*:*:*:*:-:*:*
grpc
Version:
1.56.0
CPE:
cpe:2.3:a:grpc:grpc:1.56.0:-:*:*:*:go:*:*
grpc
Version:
1.32.0
CPE:
cpe:2.3:a:grpc:grpc:1.32.0:-:*:*:*:-:*:*
grpc
Version:
1.34.2
CPE:
cpe:2.3:a:grpc:grpc:1.34.2:*:*:*:*:go:*:*
grpc
Version:
1.36.3
CPE:
cpe:2.3:a:grpc:grpc:1.36.3:*:*:*:*:-:*:*
grpc
Version:
1.44.0
CPE:
cpe:2.3:a:grpc:grpc:1.44.0:-:*:*:*:-:*:*
grpc
Version:
1.48.1
CPE:
cpe:2.3:a:grpc:grpc:1.48.1:*:*:*:*:-:*:*
grpc
Version:
1.32.2
CPE:
cpe:2.3:a:grpc:grpc:1.32.2:*:*:*:*:dart:*:*
grpc
Version:
1.23.3
CPE:
cpe:2.3:a:grpc:grpc:1.23.3:*:*:*:*:-:*:*
grpc
Version:
1.46.2
CPE:
cpe:2.3:a:grpc:grpc:1.46.2:*:*:*:*:go:*:*
grpc
Version:
1.27.2
CPE:
cpe:2.3:a:grpc:grpc:1.27.2:*:*:*:*:-:*:*
grpc
Version:
1.48.0
CPE:
cpe:2.3:a:grpc:grpc:1.48.0:-:*:*:*:go:*:*
grpc
Version:
1.25.1
CPE:
cpe:2.3:a:grpc:grpc:1.25.1:*:*:*:*:go:*:*
grpc
Version:
1.42.0
CPE:
cpe:2.3:a:grpc:grpc:1.42.0:-:*:*:*:-:*:*
grpc
Version:
1.30.1
CPE:
cpe:2.3:a:grpc:grpc:1.30.1:*:*:*:*:-:*:*
grpc
Version:
1.33.0
CPE:
cpe:2.3:a:grpc:grpc:1.33.0:-:*:*:*:-:*:*
grpc
Version:
1.43.0
CPE:
cpe:2.3:a:grpc:grpc:1.43.0:-:*:*:*:-:*:*
grpc
Version:
1.30.0
CPE:
cpe:2.3:a:grpc:grpc:1.30.0:-:*:*:*:-:*:*
grpc
Version:
1.46.5
CPE:
cpe:2.3:a:grpc:grpc:1.46.5:*:*:*:*:-:*:*
grpc
Version:
1.50.1
CPE:
cpe:2.3:a:grpc:grpc:1.50.1:*:*:*:*:go:*:*
grpc
Version:
1.55.1
CPE:
cpe:2.3:a:grpc:grpc:1.55.1:*:*:*:*:go:*:*
grpc
Version:
1.27.0
CPE:
cpe:2.3:a:grpc:grpc:1.27.0:-:*:*:*:-:*:*
grpc
Version:
1.31.0
CPE:
cpe:2.3:a:grpc:grpc:1.31.0:-:*:*:*:-:*:*
grpc
Version:
1.29.1
CPE:
cpe:2.3:a:grpc:grpc:1.29.1:*:*:*:*:-:*:*
grpc
Version:
1.38.1
CPE:
cpe:2.3:a:grpc:grpc:1.38.1:*:*:*:*:-:*:*
grpc
Version:
1.42.1
CPE:
cpe:2.3:a:grpc:grpc:1.42.1:*:*:*:*:dart:*:*
grpc
Version:
1.46.0
CPE:
cpe:2.3:a:grpc:grpc:1.46.0:-:*:*:*:go:*:*
grpc
Version:
1.41.0
CPE:
cpe:2.3:a:grpc:grpc:1.41.0:-:*:*:*:-:*:*
grpc
Version:
1.42.2
CPE:
cpe:2.3:a:grpc:grpc:1.42.2:*:*:*:*:dart:*:*
grpc
Version:
1.36.2
CPE:
cpe:2.3:a:grpc:grpc:1.36.2:*:*:*:*:-:*:*
grpc
Version:
1.35.1
CPE:
cpe:2.3:a:grpc:grpc:1.35.1:*:*:*:*:dart:*:*
grpc
Version:
1.30.2
CPE:
cpe:2.3:a:grpc:grpc:1.30.2:*:*:*:*:-:*:*
grpc
Version:
1.39.1
CPE:
cpe:2.3:a:grpc:grpc:1.39.1:*:*:*:*:-:*:*
grpc
Version:
1.44.1
CPE:
cpe:2.3:a:grpc:grpc:1.44.1:*:*:*:*:-:*:*
grpc
Version:
1.24.1
CPE:
cpe:2.3:a:grpc:grpc:1.24.1:*:*:*:*:*:*:*
grpc
Version:
1.54.1
CPE:
cpe:2.3:a:grpc:grpc:1.54.1:*:*:*:*:go:*:*
grpc
Version:
1.37.1
CPE:
cpe:2.3:a:grpc:grpc:1.37.1:*:*:*:*:-:*:*
grpc
Version:
1.36.4
CPE:
cpe:2.3:a:grpc:grpc:1.36.4:*:*:*:*:-:*:*
grpc
Version:
1.45.0
CPE:
cpe:2.3:a:grpc:grpc:1.45.0:-:*:*:*:go:*:*
grpc
Version:
1.25.0
CPE:
cpe:2.3:a:grpc:grpc:1.25.0:-:*:*:*:-:*:*
grpc
Version:
1.32.1
CPE:
cpe:2.3:a:grpc:grpc:1.32.1:*:*:*:*:dart:*:*
grpc
Version:
1.43.1
CPE:
cpe:2.3:a:grpc:grpc:1.43.1:*:*:*:*:dart:*:*
grpc
Version:
1.47.4
CPE:
cpe:2.3:a:grpc:grpc:1.47.4:*:*:*:*:-:*:*
grpc
Version:
1.28.1
CPE:
cpe:2.3:a:grpc:grpc:1.28.1:*:*:*:*:-:*:*
grpc
Version:
1.53.1
CPE:
cpe:2.3:a:grpc:grpc:1.53.1:*:*:*:*:-:*:*
grpc
Version:
1.46.3
CPE:
cpe:2.3:a:grpc:grpc:1.46.3:*:*:*:*:-:*:*
grpc
Version:
1.36.1
CPE:
cpe:2.3:a:grpc:grpc:1.36.1:*:*:*:*:-:*:*
grpc
Version:
1.33.1
CPE:
cpe:2.3:a:grpc:grpc:1.33.1:*:*:*:*:-:*:*
grpc
Version:
1.52.1
CPE:
cpe:2.3:a:grpc:grpc:1.52.1:*:*:*:*:go:*:*
grpc
Version:
1.48.4
CPE:
cpe:2.3:a:grpc:grpc:1.48.4:*:*:*:*:-:*:*
grpc
Version:
1.26.0
CPE:
cpe:2.3:a:grpc:grpc:1.26.0:-:*:*:*:-:*:*
grpc
Version:
1.23.4
CPE:
cpe:2.3:a:grpc:grpc:1.23.4:*:*:*:*:-:*:*
grpc
Version:
1.27.3
CPE:
cpe:2.3:a:grpc:grpc:1.27.3:*:*:*:*:-:*:*
grpc
Version:
1.50.2
CPE:
cpe:2.3:a:grpc:grpc:1.50.2:*:*:*:*:-:*:*
grpc
Version:
1.49.1
CPE:
cpe:2.3:a:grpc:grpc:1.49.1:*:*:*:*:-:*:*
grpc
Version:
1.33.3
CPE:
cpe:2.3:a:grpc:grpc:1.33.3:*:*:*:*:go:*:*
grpc
Version:
1.46.6
CPE:
cpe:2.3:a:grpc:grpc:1.46.6:*:*:*:*:-:*:*
grpc
Version:
1.33.2
CPE:
cpe:2.3:a:grpc:grpc:1.33.2:*:*:*:*:-:*:*
grpc
Version:
1.38.0
CPE:
cpe:2.3:a:grpc:grpc:1.38.0:-:*:*:*:-:*:*
grpc
Version:
1.24.4
CPE:
cpe:2.3:a:grpc:grpc:1.24.4:*:*:*:*:-:*:*
grpc
Version:
1.51.3
CPE:
cpe:2.3:a:grpc:grpc:1.51.3:*:*:*:*:-:*:*
grpc
Version:
1.55.0
CPE:
cpe:2.3:a:grpc:grpc:1.55.0:-:*:*:*:go:*:*
grpc
Version:
1.46.1
CPE:
cpe:2.3:a:grpc:grpc:1.46.1:*:*:*:*:go:*:*
grpc
Version:
1.45.3
CPE:
cpe:2.3:a:grpc:grpc:1.45.3:*:*:*:*:-:*:*
grpc
Version:
1.52.2
CPE:
cpe:2.3:a:grpc:grpc:1.52.2:*:*:*:*:-:*:*
grpc
Version:
1.24.0
CPE:
cpe:2.3:a:grpc:grpc:1.24.0:*:*:*:*:go:*:*
grpc
Version:
1.54.0
CPE:
cpe:2.3:a:grpc:grpc:1.54.0:*:*:*:*:go:*:*
grpc
Version:
1.40.2
CPE:
cpe:2.3:a:grpc:grpc:1.40.2:*:*:*:*:dart:*:*
grpc
Version:
1.39.0
CPE:
cpe:2.3:a:grpc:grpc:1.39.0:-:*:*:*:-:*:*
grpc
Version:
1.31.1
CPE:
cpe:2.3:a:grpc:grpc:1.31.1:*:*:*:*:-:*:*
grpc
Version:
1.40.1
CPE:
cpe:2.3:a:grpc:grpc:1.40.1:*:*:*:*:dart:*:*
grpc
Version:
1.46.7
CPE:
cpe:2.3:a:grpc:grpc:1.46.7:*:*:*:*:-:*:*
grpc
Version:
1.48.2
CPE:
cpe:2.3:a:grpc:grpc:1.48.2:*:*:*:*:-:*:*
grpc
Version:
1.23.1
CPE:
cpe:2.3:a:grpc:grpc:1.23.1:*:*:*:*:go:*:*
grpc
Version:
1.28.2
CPE:
cpe:2.3:a:grpc:grpc:1.28.2:*:*:*:*:-:*:*
grpc
Version:
1.40.0
CPE:
cpe:2.3:a:grpc:grpc:1.40.0:-:*:*:*:-:*:*
grpc
Version:
1.47.5
CPE:
cpe:2.3:a:grpc:grpc:1.47.5:*:*:*:*:-:*:*
This vulnerability affects 112 software configuration(s). Ensure you patch all affected systems.
Microsoft
2024-Jun-CVE-2023-4785
CVE-2023-4785: None
Severity
Unknown
Released
Oct 22, 2025
Security Update
Oracle
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
References & Resources
-
https://github.com/grpc/grpc/pull/33656cve-coordination@google.com Issue Tracking Patch
-
https://github.com/grpc/grpc/pull/33667cve-coordination@google.com Issue Tracking
-
https://github.com/grpc/grpc/pull/33669cve-coordination@google.com Issue Tracking
-
https://github.com/grpc/grpc/pull/33670cve-coordination@google.com Issue Tracking
-
https://github.com/grpc/grpc/pull/33672cve-coordination@google.com Issue Tracking
-
https://github.com/grpc/grpc/pull/33656af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Patch
-
https://github.com/grpc/grpc/pull/33667af854a3a-2127-422b-91ae-364da2661108 Issue Tracking
-
https://github.com/grpc/grpc/pull/33669af854a3a-2127-422b-91ae-364da2661108 Issue Tracking
-
https://github.com/grpc/grpc/pull/33670af854a3a-2127-422b-91ae-364da2661108 Issue Tracking
-
https://github.com/grpc/grpc/pull/33672af854a3a-2127-422b-91ae-364da2661108 Issue Tracking
Severity Details
7.5
out of 10.0
High
Weakness Type (CWE)
CWE-248
Uncaught Exception
- Description
- An exception is thrown from a function, but it is not caught.
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- September 13, 2023
