1212180 – (CVE-2023-32731) VUL-0: CVE-2023-32731: grpc: When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame

Bug 1212180 (CVE-2023-32731) - VUL-0: CVE-2023-32731: grpc: When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame

Summary: VUL-0: CVE-2023-32731: grpc: When gRPC HTTP2 stack raised a header size excee...

Status:	IN_PROGRESS

Alias:	CVE-2023-32731

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	John Paul Adrian Glaubitz
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/368984/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-32731:7.4:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-06-09 14:01 UTC by Gianluca Gabrielli
Modified:	2024-04-12 07:07 UTC (History)
CC List:	7 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Flags:	kvanderveer: needinfo? (meissner) gianluca.gabrielli: needinfo? (rfrohl)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gianluca Gabrielli 2023-06-09 14:01:34 UTC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing
the rest of the HPACK frame. This caused any HPACK table mutations to also be
skipped, resulting in a desynchronization of HPACK tables between sender and
receiver. If leveraged, say, between a proxy and a backend, this could lead to
requests from the proxy being interpreted as containing headers from different
proxy clients - leading to an information leak that can be used for privilege
escalation or data exfiltration. We recommend upgrading beyond the commit
contained in  https://github.com/grpc/grpc/pull/32309
https://github.com/grpc/grpc/pull/32309 


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32731
https://www.cve.org/CVERecord?id=CVE-2023-32731
https://github.com/grpc/grpc/pull/32309

Comment 1 Gianluca Gabrielli 2023-06-09 14:02:14 UTC

Affected packages:
 - SUSE:SLE-15-SP1:Update/grpc
 - SUSE:SLE-15-SP2:Update/grpc

Comment 13 OBSbugzilla Bot 2024-02-09 14:05:04 UTC

This is an autogenerated message for OBS integration:
This bug (1212180) was mentioned in
https://build.opensuse.org/request/show/1145435 Factory / python-grpcio

Comment 15 Maintenance Automation 2024-02-21 12:30:24 UTC

SUSE-SU-2024:0573-1: An update that solves five vulnerabilities, contains one feature and has three security fixes can now be installed.

Category: security (moderate)
Bug References: 1133277, 1182659, 1203378, 1208794, 1212180, 1212182, 1214148, 1215334
CVE References: CVE-2023-32731, CVE-2023-32732, CVE-2023-33953, CVE-2023-44487, CVE-2023-4785
Jira References: PED-5014
Sources used:
openSUSE Leap 15.4 (src): python-abseil-1.4.0-150400.9.3.1, re2-20240201-150400.9.3.1, grpc-1.60.0-150400.8.3.2, protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1, python-grpcio-1.60.0-150400.9.3.2, opencensus-proto-0.3.0+git.20200721-150400.9.3.1
openSUSE Leap Micro 5.3 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
openSUSE Leap Micro 5.4 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
openSUSE Leap 15.5 (src): python-abseil-1.4.0-150400.9.3.1, re2-20240201-150400.9.3.1, grpc-1.60.0-150400.8.3.2, protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1, python-grpcio-1.60.0-150400.9.3.2, opencensus-proto-0.3.0+git.20200721-150400.9.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Server 15 SP4 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Manager Server 4.3 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Desktop 15 SP4 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Manager Retail Branch Server 4.3 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Manager Proxy 4.3 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise High Performance Computing 15 SP5 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Server 15 SP5 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Desktop 15 SP5 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Micro 5.3 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Micro 5.4 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Micro 5.5 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
Basesystem Module 15-SP5 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
Development Tools Module 15-SP5 (src): protobuf-25.1-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Package Hub 15 15-SP5 (src): protobuf-25.1-150400.9.3.1
Public Cloud Module 15-SP4 (src): grpc-1.60.0-150400.8.3.2, protobuf-25.1-150400.9.3.1
Public Cloud Module 15-SP5 (src): re2-20240201-150400.9.3.1, grpc-1.60.0-150400.8.3.2, protobuf-25.1-150400.9.3.1
Python 3 Module 15-SP5 (src): python-abseil-1.4.0-150400.9.3.1, python-grpcio-1.60.0-150400.9.3.2, protobuf-25.1-150400.9.3.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): protobuf-25.1-150400.9.3.1, grpc-1.60.0-150400.8.3.2, re2-20240201-150400.9.3.1, abseil-cpp-20230802.1-150400.10.4.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): abseil-cpp-20230802.1-150400.10.4.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Karen Van der Veer 2024-03-14 15:00:01 UTC

Waiting for guidance from Marcus.