SUSE: CVE-2023-32732: SUSE Linux Security Advisory

SUSE: CVE-2023-32732: SUSE Linux Security Advisory

Severity

5

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

06/09/2023

Created

02/23/2024

Added

02/22/2024

Modified

01/28/2025

Description

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url

Solution(s)

• suse-upgrade-abseil-cpp-devel
• suse-upgrade-grpc-devel
• suse-upgrade-grpc-source
• suse-upgrade-libabsl2308_0_0
• suse-upgrade-libabsl2308_0_0-32bit
• suse-upgrade-libgrpc-1_60
• suse-upgrade-libgrpc1_60
• suse-upgrade-libgrpc37
• suse-upgrade-libprotobuf-lite25_1_0
• suse-upgrade-libprotobuf-lite25_1_0-32bit
• suse-upgrade-libprotobuf25_1_0
• suse-upgrade-libprotobuf25_1_0-32bit
• suse-upgrade-libprotoc25_1_0
• suse-upgrade-libprotoc25_1_0-32bit
• suse-upgrade-libre2-11
• suse-upgrade-libre2-11-32bit
• suse-upgrade-libupb37
• suse-upgrade-opencensus-proto-source
• suse-upgrade-protobuf-devel
• suse-upgrade-protobuf-java
• suse-upgrade-python311-abseil
• suse-upgrade-python311-grpcio
• suse-upgrade-python311-protobuf
• suse-upgrade-re2-devel
• suse-upgrade-upb-devel

References

• https://attackerkb.com/topics/cve-2023-32732
• CVE - 2023-32732