{"id":"AZL-34772","summary":"CVE-2023-4785 affecting package grpc for versions less than 1.62.0-2","details":"Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.","modified":"2026-04-01T05:11:40.534250Z","published":"2023-09-13T17:15:10Z","upstream":["CVE-2023-4785"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4785"}],"affected":[{"package":{"name":"grpc","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/grpc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.62.0-2"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-34772.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}