{"vulnerability": "CVE-2023-32731", "sightings": [{"uuid": "b09483ae-0f4c-40ae-a6fb-f9bd6ae458c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32731", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/65098", "content": "\u203c CVE-2023-32731 \u203c\n\nWhen gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-09T14:21:41.000000Z"}]}