CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url

Published: Jun 9, 2023
Updated: May 4, 2025
CVE: CVE-2023-32732
GHSA: GHSA-9hxf-ppjv-w6rq
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-440

Affected Software
References

Software	From	Fixed in
grpc / grpc	-	1.53.0
io.grpc / grpc-protobuf	-	1.53.0
grpcio	-	1.53.0
grpc	-	1.53.0
fedoraproject / fedora	37	37.x
fedoraproject / fedora	38	38.x

https://github.com/grpc/grpc/pull/32309
https://github.com/grpc/grpc/releases/tag/v1.53.1
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-32732.yml
https://lists.fedoraproject.org/archives/list/[email protected]/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY
https://lists.fedoraproject.org/archives/list/[email protected]/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/
https://lists.fedoraproject.org/archives/list/[email protected]/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL
https://lists.fedoraproject.org/archives/list/[email protected]/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/

Vulnerability Database

289,598

CVE-2023-32732