{"id":"CVE-2023-4785","details":"Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.","aliases":["ECHO-050a-2d98-bb04","GHSA-p25m-jpj4-qcrr"],"modified":"2026-04-14T18:48:10.318022613Z","published":"2023-09-13T17:15:10.227Z","related":["CGA-vr55-29vv-j265","SUSE-SU-2024:0573-1","openSUSE-SU-2024:13621-1","openSUSE-SU-2024:13634-1"],"references":[{"type":"REPORT","url":"https://github.com/grpc/grpc/pull/33656"},{"type":"REPORT","url":"https://github.com/grpc/grpc/pull/33667"},{"type":"REPORT","url":"https://github.com/grpc/grpc/pull/33669"},{"type":"REPORT","url":"https://github.com/grpc/grpc/pull/33670"},{"type":"REPORT","url":"https://github.com/grpc/grpc/pull/33672"},{"type":"FIX","url":"https://github.com/grpc/grpc/pull/33656"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc","events":[{"introduced":"0bf4a618b17a3f0ed61c22364913c7f66fc1c61a"},{"fixed":"49dcbce9aba5f5f0959871354df90e38f0c5ed00"},{"introduced":"6847e05dbb8088a918f06e2231a405942b5c002d"},{"fixed":"868412b573a0663c8db41558498caf44098f4390"},{"introduced":"7c0764918b9f33cab507ff483b4be849b0203ec4"},{"fixed":"afb307fb89ed83f358d82b5d359034a039a95e66"}]}],"versions":["1.33.1","v1.23.0","v1.24.0","v1.24.0-pre1","v1.24.0-pre2","v1.24.1","v1.24.2","v1.24.3","v1.25.0","v1.25.0-pre1","v1.26.0","v1.26.0-pre1","v1.29.0","v1.29.1","v1.30.0","v1.30.0-pre1","v1.30.1","v1.30.2","v1.31.0","v1.31.0-pre1","v1.31.0-pre2","v1.31.1","v1.32.0","v1.32.0-pre1","v1.33.0","v1.33.0-pre1","v1.33.0-pre2","v1.33.1","v1.33.2","v1.34.0","v1.34.0-pre1","v1.35.0-pre1","v1.41.0-pre1","v1.53.0","v1.53.0-pre1","v1.53.0-pre2","v1.53.1","v1.54.0","v1.54.1","v1.54.2","v1.55.0","v1.55.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4785.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc-java","events":[{"introduced":"e48040541bb2b42e2465344faee241a24d747466"},{"fixed":"958205ddb1ab7ec1f5bb92a1a812cf30fa753c36"}]}],"versions":["v1.55.0","v1.55.1"],"database_specific":{"vanir_signatures":[{"id":"CVE-2023-4785-f337f5d8","target":{"file":"core/src/main/java/io/grpc/internal/GrpcUtil.java"},"signature_version":"v1","source":"https://github.com/grpc/grpc-java/commit/958205ddb1ab7ec1f5bb92a1a812cf30fa753c36","deprecated":false,"signature_type":"Line","digest":{"line_hashes":["148529735852666896963464408479363428299","317277031500261825959216832225781396438","121902372659488140859240128980598754188","234477324359876819246199200915366156403"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4785.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}