{"id":"CVE-2023-1428","details":"There exists an vulnerability causing an abort() to be called in gRPC. \nThe following headers cause gRPC's C++ implementation to abort() when called via http2:\n\nte: x (x != trailers)\n\n:scheme: x (x != http, https)\n\ngrpclb_client_stats: x (x == anything)\n\nOn top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.\n\n","aliases":["GHSA-6628-q6j9-w8vg"],"modified":"2026-04-12T06:36:31.998987Z","published":"2023-06-09T11:15:09.200Z","related":["CGA-7mrf-f5v6-gp6f"],"references":[{"type":"FIX","url":"https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc","events":[{"introduced":"fb01bb12456d015d9e4b7b8ebf2e8a7c803e96ad"},{"fixed":"358bfb581feeda5bf17dd3b96da1074d84a6ef8d"},{"fixed":"2485fa94bd8a723e5c977d55a3ce10b301b437f8"}],"database_specific":{"cpe":"cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"1.51.0"},{"fixed":"1.53.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1428.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["77917777258970324137091572071526349858","313965056587240481305108022514032655139","327942460876962120776632160960094872524","319499281142633736843584522608260061550","221476168521612255346409415188569777926","219191431682892297756968210528234109178","29065409360241060735445284276661961567","124477756047082237877087743219816045193","295267686395818852424067489111555122289","267870824821823095641852076205149287760","190120333878596716159437050437378710906","201256118375080535627866627220441042220"]},"signature_version":"v1","signature_type":"Line","id":"CVE-2023-1428-92a6729a","deprecated":false,"target":{"file":"src/core/lib/transport/metadata_batch.h"},"source":"https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"},{"digest":{"threshold":0.9,"line_hashes":["248602510802292964769421408036676393273","95784582260700503370689081483009089704","150246024246185734988961442473965001239","129475932549979751744539667166528603028"]},"signature_version":"v1","signature_type":"Line","id":"CVE-2023-1428-ac2d0e5f","deprecated":false,"target":{"file":"src/core/ext/transport/chttp2/transport/hpack_parser.cc"},"source":"https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"},{"digest":{"threshold":0.9,"line_hashes":["296793851486459924260521861757811068285","79856173466137552161301557830167225091","160921107675916528917926446055468807851"]},"signature_version":"v1","signature_type":"Line","id":"CVE-2023-1428-cf3e28f7","deprecated":false,"target":{"file":"src/core/lib/transport/metadata_batch.cc"},"source":"https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"}],"vanir_signatures_modified":"2026-04-12T06:36:31Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}