
grpc

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-33186
< 1.79.3
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper i
9.1 CRITICAL
CVE-2024-11407
>= 1.60.0 and < 1.66.1
There exists a denial of service through data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through t
7.5 HIGH
CVE-2024-7246
< 1.58.3
It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such
5.3 MEDIUM
CVE-2023-44487
<= 1.59.2
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5 HIGH
CVE-2023-4785
>= 1.23.0 and < 1.53.2
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on POSIX-compatible platforms (e.g. Linux) allows a
7.5 HIGH
CVE-2023-33953
< 1.53.2
gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and ser
7.5 HIGH
CVE-2023-32732
< 1.53.0
gRPC contains a vulnerability whereby a client can cause a termination of connection between an HTTP2 proxy and a gRPC server: a ba
5.3 MEDIUM
CVE-2023-32731
>= 1.53.0 and < 1.55.0
When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK t
7.4 HIGH
CVE-2023-1428
>= 1.51.0 and < 1.53.0
There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to
7.5 HIGH
CVE-2020-7768
< 1.24.2
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefini
7.5 HIGH
CVE-2017-9431
<= 1.2.2
Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
9.8 CRITICAL
CVE-2017-8359
<= 1.2.1
Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy fu
9.8 CRITICAL
CVE-2017-7861
<= 1.1.2
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.
9.8 CRITICAL
CVE-2017-7860
<= 1.1.2
Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function
9.8 CRITICAL
threatengine.sh