CVE-2023-44487

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-44487
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44487.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-44487
Aliases
Downstream
Related
Published
2023-10-10T14:15:10.883Z
Modified
2026-02-06T22:55:59.317079Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

References

Affected packages

Git
github.com/grpc/grpc-java

Affected ranges

Type
GIT
Repo
https://github.com/grpc/grpc-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1c9345987f6501c43c748ad15b410f695a75bef3
Fixed
3dbd250eae2c5e4f4e5e7046c6573805cc0dcc29
Fixed
cde208afce38186d06084605abed36f21b003465
Fixed
fd7d2e5eb4dd020bb892278c78f7b3ef901232c1

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "source": "https://github.com/grpc/grpc-java/commit/fd7d2e5eb4dd020bb892278c78f7b3ef901232c1",
        "target": {
            "file": "core/src/main/java/io/grpc/internal/GrpcUtil.java"
        },
        "id": "CVE-2023-44487-304c5732",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "211429177714563350295766002746950682415",
                "144840551360246983340724683931121696360",
                "216057685371857328639219311491966888968",
                "269328273701509218789012263070146076911"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/grpc/grpc-java/commit/3dbd250eae2c5e4f4e5e7046c6573805cc0dcc29",
        "target": {
            "file": "core/src/main/java/io/grpc/internal/GrpcUtil.java"
        },
        "id": "CVE-2023-44487-35e98577",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99320090904636110182299094162757492060",
                "165494944777072961626416668629022711760",
                "266066916632370487945750204487005499059",
                "267846746921822202846984529662575162150"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/grpc/grpc-java/commit/cde208afce38186d06084605abed36f21b003465",
        "target": {
            "file": "core/src/main/java/io/grpc/internal/GrpcUtil.java"
        },
        "id": "CVE-2023-44487-5ecacf74",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "2924417680346057517451287411494500332",
                "37797666818819677617006618606516495288",
                "12395536377597138516843557228060535552",
                "298354614495450435063552769147508739246"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/grpc/grpc-java/commit/1c9345987f6501c43c748ad15b410f695a75bef3",
        "target": {
            "file": "core/src/main/java/io/grpc/internal/GrpcUtil.java"
        },
        "id": "CVE-2023-44487-602b1d18",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "205821306856742678715105192315807690916",
                "262554642240053725585003993229998583755",
                "79898886725608533285783498394802810794",
                "297287218961713857883058256814618437227"
            ]
        },
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44487.json"
github.com/grpc/grpc-node

Affected ranges

Type
GIT
Repo
https://github.com/grpc/grpc-node
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
da8d57c215e19444d0241a71b315372bbfa34cfe

Affected versions

@grpc/grpc-js@0.*
@grpc/grpc-js@0.2.0
@grpc/grpc-js@0.3.0
@grpc/grpc-js@0.3.1
@grpc/grpc-js@0.3.2
@grpc/grpc-js@0.3.3
@grpc/grpc-js@0.3.4
@grpc/grpc-js@0.3.6
@grpc/grpc-js@0.4.0
@grpc/grpc-js@0.4.2
@grpc/grpc-js@0.4.3
@grpc/proto-loader@0.*
@grpc/proto-loader@0.3.0
@grpc/proto-loader@0.4.0
@grpc/proto-loader@0.5.0
@grpc/proto-loader@0.5.1
grpc-tools@1.*
grpc-tools@1.7.0
grpc-tools@1.7.2
grpc-tools@1.8.0
grpc@1.*
grpc@1.13.0
grpc@1.13.1
grpc@1.14.0
grpc@1.14.1
grpc@1.15.0
grpc@1.15.1
grpc@1.16.0
grpc@1.16.1
grpc@1.17.0
grpc@1.18.0
grpc@1.19.0
grpc@1.20.0
grpc@1.20.2
grpc@1.20.3
v1.*
v1.10.0
v1.10.1
v1.11.0
v1.11.1
v1.11.2
v1.12.1
v1.12.2
v1.12.3
v1.7.0
v1.7.1
v1.8.0
v1.8.4
v1.9.0
v1.9.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44487.json"
github.com/jetty/jetty.project

Affected ranges

Type
GIT
Repo
https://github.com/jetty/jetty.project
Events
Fixed
27bde00a0b95a1d5bbee0eae7984f891d2d0f8c9
Introduced
432f896d7a4555fcc81f38108757ea0aca8788e6
Fixed
48e7716b9462bebea6732b885dbebb4300787a5c
Fixed
51c79e8ddfe72bde11ba0b6323e3313e7df85882
Introduced
b9645a17373e4e9b7f30b6c0a07defcea2cb660b
Fixed
af15f12297adf5c5083e1f2f8f4c5974438bca25
Introduced
28100e8da711e44c0722ed10bd413ae862497539
Fixed
b01e3611cfcec50c9157c50f6d32a93515e01510
Fixed
bf9d17540c7ae4c91be30c045a9485aa2030d3e5
Introduced
e6822fabb0f4c33670771552ba14a5a3aabec239
Fixed
ebbe37294fa4135c54f10b95710987f985390194
Fixed
eec282f61fa80cfbbf3b847a51875a6a56ff5406

Affected versions

jetty-10.*
jetty-10.0.0
jetty-10.0.1
jetty-10.0.13
jetty-10.0.15
jetty-10.0.16
jetty-10.0.2
jetty-10.0.4
jetty-10.0.5
jetty-10.0.6
jetty-10.0.7
jetty-10.0.8
jetty-11.*
jetty-11.0.0
jetty-11.0.1
jetty-11.0.13
jetty-11.0.15
jetty-11.0.16
jetty-11.0.2
jetty-11.0.4
jetty-11.0.5
jetty-11.0.6
jetty-11.0.7
jetty-11.0.8
jetty-11.0.9
jetty-9.*
jetty-9.4.36.v20210114
jetty-9.4.37.v20210219
jetty-9.4.38.v20210224
jetty-9.4.39.v20210325
jetty-9.4.40.v20210413
jetty-9.4.42.v20210604
jetty-9.4.43.v20210629
jetty-9.4.44.v20210927
jetty-9.4.45.v20220203
jetty-9.4.50.v20221201
jetty-9.4.52.v20230823

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44487.json"
github.com/openshift/origin

Affected ranges

Type
GIT
Repo
https://github.com/openshift/origin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
008f2d5528bf998326b5eb3f1fe3144c59392b9d

Affected versions

v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.2.0
v1.2.0-rc1
v1.2.0-rc2
v1.3.0
v1.3.0-alpha.0
v1.3.0-alpha.1
v1.3.0-alpha.2
v1.3.0-alpha.3
v1.3.0-rc1
v1.4.0-alpha.0
v1.4.0-alpha.1
v1.5.0-alpha.0
v1.5.0-alpha.1
v1.5.0-alpha.2
v1.5.0-alpha.3
v3.*
v3.6.0
v3.6.0-alpha.0
v3.6.0-alpha.1
v3.6.0-alpha.2
v3.6.0-rc.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44487.json"
github.com/traefik/traefik

Affected ranges

Type
GIT
Repo
https://github.com/traefik/traefik
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5560ab28f2b1525759abb7b117189a53310ed1e9
Fixed
6a34f238ceb13cb0a81d5d131fdfe1ff2e425f33
Fixed
a51918066548a919cf8d46c8c5193cd5ab52a999
Fixed
ade2306a605f0341207ea0972d237ce904cadfe2
Fixed
e0b442a48b3f874c50e55087989855cc4b339e99

Affected versions

v1.*
v1.0
v1.0.0
v1.0.0-beta.211
v1.0.0-beta.212
v1.0.0-beta.220
v1.0.0-beta.224
v1.0.0-beta.247
v1.0.0-beta.254
v1.0.0-beta.277
v1.0.0-beta.280
v1.0.0-beta.287
v1.0.0-beta.289
v1.0.0-beta.291
v1.0.0-beta.300
v1.0.0-beta.324
v1.0.0-beta.339
v1.0.0-beta.341
v1.0.0-beta.352
v1.0.0-beta.355
v1.0.0-beta.366
v1.0.0-beta.374
v1.0.0-beta.392
v1.0.0-beta.395
v1.0.0-beta.404
v1.0.0-beta.408
v1.0.0-beta.416
v1.0.0-beta.421
v1.0.0-beta.427
v1.0.0-beta.433
v1.0.0-beta.436
v1.0.0-beta.440
v1.0.0-beta.442
v1.0.0-beta.453
v1.0.0-beta.470
v1.0.0-beta.475
v1.0.0-beta.481
v1.0.0-beta.484
v1.0.0-beta.505
v1.0.0-beta.508
v1.0.0-beta.513
v1.0.0-beta.524
v1.0.0-beta.545
v1.0.0-beta.548
v1.0.0-beta.555
v1.0.0-beta.573
v1.0.0-beta.576
v1.0.0-beta.582
v1.0.0-beta.601
v1.0.0-beta.610
v1.0.0-beta.614
v1.0.0-beta.621
v1.0.0-beta.644
v1.0.0-beta.652
v1.0.0-beta.666
v1.0.0-beta.673
v1.0.0-beta.676
v1.0.0-beta.682
v1.0.0-beta.692
v1.0.0-beta.695
v1.0.0-beta.704
v1.0.0-beta.712
v1.0.0-beta.721
v1.0.0-beta.723
v1.0.0-beta.732
v1.0.0-beta.744
v1.0.0-beta.754
v1.0.0-beta.756
v1.0.0-beta.767
v1.0.0-beta.771
v1.0.0-beta.784
v1.0.0-beta.794
v1.0.0-beta.804
v1.0.0-beta.809
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.1
v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185
v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458
v1.0.alpha.157
v1.0.alpha.164
v1.0.alpha.170
v1.0.alpha.171
v1.0.alpha.176
v1.0.alpha.178
v1.0.alpha.182
v1.0.alpha.186
v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e
v1.0.alpha.200
v1.0.alpha.212
v1.0.alpha.215
v1.0.alpha.216
v1.0.alpha.217
v1.0.alpha.228
v1.0.alpha.247
v1.0.alpha.249
v1.0.alpha.250
v1.0.alpha.251
v1.0.alpha.252
v1.0.alpha.256
v1.0.alpha.257
v1.0.alpha.263
v1.0.alpha.266
v1.0.alpha.267
v1.0.alpha.268
v1.0.alpha.269
v1.0.alpha.270
v1.0.alpha.271
v1.0.alpha.272
v1.0.alpha.273
v1.0.alpha.274
v1.0.alpha.275
v1.0.alpha.285
v1.0.alpha.288
v1.0.alpha.290
v1.0.alpha.291
v1.0.alpha.302
v1.0.alpha.306
v1.0.alpha.311
v1.0.alpha.329
v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d
v1.0.alpha.333
v1.0.alpha.336
v1.0.alpha.338
v1.0.alpha.341
v1.0.alpha.357
v1.0.alpha.358
v1.0.alpha.361
v1.0.alpha.364
v1.0.alpha.367
v1.0.alpha.374
v1.0.alpha.392
v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb
v1.0.alpha.404
v1.0.alpha.412
v1.0.alpha.418
v1.0.alpha.421
v1.0.alpha.425
v1.0.alpha.439
v1.0.alpha.443
v1.0.alpha.450
v1.0.alpha.463
v1.0.alpha.469
v1.0.alpha.471
v1.0.alpha.477
v1.0.alpha.481
v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2
v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e
v1.0.alpha.506
v1.0.alpha.516
v1.0.alpha.522
v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b
v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a
v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30
v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff
v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708
v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05
v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b
v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f
v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb
v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e
v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b
v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d
v1.1.0
v1.1.0-rc1
v1.1.0-rc2
v1.1.0-rc3
v1.1.0-rc4
v1.1.1
v1.3.0
v1.3.0-rc1
v1.3.0-rc2
v1.3.0-rc3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.4.0
v1.4.0-rc1
v1.4.0-rc2
v1.4.0-rc3
v1.4.0-rc4
v1.4.0-rc5
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.5.0
v1.5.0-rc1
v1.5.0-rc2
v1.5.0-rc3
v1.5.0-rc4
v1.5.0-rc5
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.0-rc4
v1.6.0-rc5
v1.6.0-rc6
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.0-rc5
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v2.*
v2.0.0
v2.0.0-alpha1
v2.0.0-alpha2
v2.0.0-alpha3
v2.0.0-alpha4
v2.0.0-alpha5
v2.0.0-alpha6
v2.0.0-alpha7
v2.0.0-alpha8
v2.0.0-beta1
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1.0
v2.1.0-rc1
v2.1.0-rc2
v2.1.0-rc3
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2.0-rc1
v2.2.0-rc2
v2.2.0-rc3
v2.2.0-rc4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44487.json"