Red Hat: CVE-2023-1428: gRPC: Reachable Assertion (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jun 9, 2023 | Feb 10, 2025 | Sep 1, 2025 |
Description
There exists a vulnerability causing an abort() to be called in gRPC.
The following headers cause gRPC's C++ implementation to abort() when called via http2:
- te: x (x != trailers)
- :scheme: x (x != http, https)
- grpclb_client_stats: x (x == anything)
On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.
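The two conditions above can be turned into a check over already-decoded HTTP/2 header lists, for example in a proxy log review while unpatched servers remain. This is an added example, not code from Red Hat or the gRPC project; the function names are hypothetical, and it assumes header size is counted as name bytes plus value bytes, which may differ from gRPC's own accounting.

```python
# Added example: flags decoded HTTP/2 header blocks that match the two
# conditions in the CVE-2023-1428 description. Names here are hypothetical.

LIMIT = 8 * 1024  # "8KB" from the advisory


def is_trigger_header(name, value):
    """True for any of the three header conditions listed in the advisory."""
    name = name.lower()
    if name == "te":
        return value != "trailers"
    if name == ":scheme":
        return value not in ("http", "https")
    return name == "grpclb_client_stats"  # any value qualifies


def matches_cve_2023_1428(headers, limit=LIMIT):
    """headers: ordered (name, value) pairs from one decoded header block.

    Returns (matched, trigger_name, total_bytes). A match needs a trigger
    header followed by a later header at which the running total is past
    the limit.
    """
    total = 0
    trigger = None
    for name, value in headers:
        # Assumption: size = name bytes + value bytes (ASCII headers).
        total += len(name) + len(value)
        if trigger is not None and total > limit:
            return True, trigger, total
        if trigger is None and is_trigger_header(name, value):
            trigger = name.lower()
    return False, trigger, total


# Constructed sample header blocks (not captured traffic).
BENIGN_LARGE = [(":scheme", "https"), ("te", "trailers"), ("x-pad", "a" * 9000)]
TRIGGER_SMALL = [(":scheme", "ftp"), ("te", "trailers")]
TRIGGER_LARGE = [("te", "gzip"), ("x-pad", "a" * 9000)]
LB_STATS_LARGE = [("grpclb_client_stats", "1"), ("x-pad", "a" * 9000)]

if __name__ == "__main__":
    for label, block in [("benign_large", BENIGN_LARGE),
                         ("trigger_small", TRIGGER_SMALL),
                         ("trigger_large", TRIGGER_LARGE),
                         ("lb_stats_large", LB_STATS_LARGE)]:
        print(label, matches_cve_2023_1428(block))
```

A block that carries a trigger header but stays under the limit returns the trigger name with `matched` set to False, which is useful for spotting malformed clients even when the abort condition is not met.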
Solutions
- redhat-upgrade-rhc-worker-playbook
- redhat-upgrade-rhc-worker-playbook-debuginfo