CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/grpc/grpc/issues/36245	Exploit Issue Tracking Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*
	cpe:2.3:a:grpc:grpc::::::-::*

History

22 Jul 2025, 19:29

Type	Values Removed	Values Added
References	~~() https://github.com/grpc/grpc/issues/36245 -~~	() https://github.com/grpc/grpc/issues/36245 - Exploit, Issue Tracking, Patch
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:grpc:grpc::::::-::*
First Time		Grpc grpc Grpc
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
Summary		(es) Es posible que un cliente gRPC que se comunica con un proxy HTTP/2 envenene la tabla HPACK entre el proxy y el backend de modo que otros clientes vean solicitudes fallidas. También es posible utilizar esta vulnerabilidad para filtrar claves de encabezado HTTP de otros clientes, pero no valores. Esto ocurre porque el estado de error de un encabezado mal codificado no se borra entre lecturas de encabezado, lo que da como resultado que los encabezados agregados posteriores (indexados incrementalmente) en la primera solicitud se envenenen hasta que se eliminen de la tabla HPACK. Actualice a una versión fija de gRPC lo antes posible. Este error se solucionó en 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.

06 Aug 2024, 11:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-06 11:16

Updated : 2025-07-22 19:29

NVD link : CVE-2024-7246

Mitre link : CVE-2024-7246

CVE.ORG link : CVE-2024-7246

JSON object : View

Products Affected

grpc

grpc

CWE

CWE-440

Expected Behavior Violation

NVD-CWE-noinfo

5.3 /10