CVE-2024-7246

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-7246
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7246.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-7246
Downstream
Related
Published
2024-08-06T11:16:07.587Z
Modified
2026-02-06T04:57:52.157922Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values.

This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table.

Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.

References

Affected packages

Git / github.com/grpc/grpc

Affected ranges

Type
GIT
Repo
https://github.com/grpc/grpc
Events
Introduced
0ef13a7555dbaadd4633399242524129eef5e231
Fixed
0bab87ede8244a21fce01294a364cc9a7fc99ed8
Fixed
14bcda7eae0ee99f6a6dceb8d6cc23f49362f577
Introduced
ac1418547838ab067a02af4402046f7bc1cbc44c
Fixed
79fb6564995720f750ef7bc31523101b8961b911
Introduced
b8a04acbbf18fd1c805e5d53d62ed9fa4721a4d1
Fixed
aef0f0ccc3d21a328282144b8aa666f3c570dfb9
Introduced
08cc1787de022069135004adfdd17938b5062319
Fixed
b22b8e6c8855f958afda436d9f1def216085d505
Introduced
45479fda2a083c4e46310b9bb6e45e625e381269
Fixed
c3407b728428b84f4c0b8c1b653094903fe2f462
Introduced
f78a54c5ad4e058734aa9b2beb9459940e4de342
Fixed
c48c8fc22325ad867b67fec3ba58290ce90d4741
Introduced
a13178cb2537822bcdc552faba98fd9fa3c35b3e
Fixed
f66fc914209e10fd2ec95ba45509f39285a23ad4

Affected versions

v1.*
v1.59.0
v1.59.1
v1.59.2
v1.59.3
v1.59.4
v1.60.0
v1.60.1
v1.61.0
v1.61.1
v1.61.2
v1.62.0
v1.62.1
v1.62.2
v1.63.0
v1.63.1
v1.64.0
v1.64.1
v1.64.2
v1.65.0
v1.65.1
v1.65.2
v1.65.3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7246.json"

Git / github.com/grpc/grpc-go

Affected ranges

Type
GIT
Repo
https://github.com/grpc/grpc-go
Events
Fixed
bf05b9558c16677e362d231120f8213eb276d406
Introduced
c68f4566b9cacdb11c42a6eb14ee66a33d9b7c12
Fixed
d32e66ce27447a0a217464a36fdd3935801c0453

Affected versions

v1.*
v1.63.0
v1.63.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7246.json"

Git / github.com/grpc/grpc-java

Affected ranges

Type
GIT
Repo
https://github.com/grpc/grpc-java
Events
Introduced
eb8b1d8379008ab89cade89392d265bed90a2692
Fixed
41b192bb321ef3c67b06c8ee13f30a5c0e776f15
Introduced
48aa1b88550d6ddac1955407a5eac511e0ebbde0
Fixed
4e0116834af62e4a137dfaf39f0bbfb6d0e52ce6

Affected versions

v1.*
v1.60.0
v1.60.1
v1.63.0
v1.63.1

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "source": "https://github.com/grpc/grpc-java/commit/41b192bb321ef3c67b06c8ee13f30a5c0e776f15",
        "target": {
            "file": "core/src/main/java/io/grpc/internal/GrpcUtil.java"
        },
        "id": "CVE-2024-7246-671aaa72",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "5234133516936529201855060918031647210",
                "247430101873655922080843031035733074532",
                "260976262506240152264252709226588657946",
                "94080777265677368108166552244982612317"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/grpc/grpc-java/commit/4e0116834af62e4a137dfaf39f0bbfb6d0e52ce6",
        "target": {
            "file": "core/src/main/java/io/grpc/internal/GrpcUtil.java"
        },
        "id": "CVE-2024-7246-e3e39def",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "278747810669085701660566511551627379020",
                "64807440934011919031643553310302048297",
                "322958372820145568909636653434589875234",
                "296051173635682802874341050146701286037"
            ]
        },
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7246.json"