Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/grpcio@1.1.3
Type pypi
Namespace
Name grpcio
Version 1.1.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.53.2
Latest_non_vulnerable_version 1.56.2
Affected_by_vulnerabilities
0
url VCID-9rmn-3anf-fqcm
vulnerability_id VCID-9rmn-3anf-fqcm
summary
Excessive Iteration in gRPC
gRPC contains a vulnerability whereby hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks:

- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser

The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.

The unbounded memory buffering bugs:

- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33953.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33953.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33953
reference_id
reference_type
scores
0
value 0.00116
scoring_system epss
scoring_elements 0.30187
published_at 2026-04-24T12:55:00Z
1
value 0.00116
scoring_system epss
scoring_elements 0.30353
published_at 2026-04-08T12:55:00Z
2
value 0.00116
scoring_system epss
scoring_elements 0.30345
published_at 2026-04-12T12:55:00Z
3
value 0.00116
scoring_system epss
scoring_elements 0.30389
published_at 2026-04-11T12:55:00Z
4
value 0.00116
scoring_system epss
scoring_elements 0.30438
published_at 2026-04-02T12:55:00Z
5
value 0.00116
scoring_system epss
scoring_elements 0.30484
published_at 2026-04-04T12:55:00Z
6
value 0.00116
scoring_system epss
scoring_elements 0.30294
published_at 2026-04-07T12:55:00Z
7
value 0.00116
scoring_system epss
scoring_elements 0.30387
published_at 2026-04-09T12:55:00Z
8
value 0.00116
scoring_system epss
scoring_elements 0.30252
published_at 2026-04-21T12:55:00Z
9
value 0.00116
scoring_system epss
scoring_elements 0.30297
published_at 2026-04-18T12:55:00Z
10
value 0.00116
scoring_system epss
scoring_elements 0.30314
published_at 2026-04-16T12:55:00Z
11
value 0.00116
scoring_system epss
scoring_elements 0.30298
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33953
2
reference_url https://cloud.google.com/support/bulletins#gcp-2023-022
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T17:54:21Z/
url https://cloud.google.com/support/bulletins#gcp-2023-022
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33953
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33953
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://security.snyk.io/vuln/SNYK-RUBY-GRPC-5834442
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-RUBY-GRPC-5834442
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059279
reference_id 1059279
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059279
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2230890
reference_id 2230890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2230890
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33953
reference_id CVE-2023-33953
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33953
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-33953.yml
reference_id CVE-2023-33953.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-33953.yml
10
reference_url https://github.com/advisories/GHSA-496j-2rq6-j6cc
reference_id GHSA-496j-2rq6-j6cc
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-496j-2rq6-j6cc
11
reference_url https://access.redhat.com/errata/RHSA-2024:10761
reference_id RHSA-2024:10761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10761
fixed_packages
0
url pkg:pypi/grpcio@1.53.2
purl pkg:pypi/grpcio@1.53.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.53.2
1
url pkg:pypi/grpcio@1.54.3
purl pkg:pypi/grpcio@1.54.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.54.3
2
url pkg:pypi/grpcio@1.55.2
purl pkg:pypi/grpcio@1.55.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.55.2
3
url pkg:pypi/grpcio@1.55.3
purl pkg:pypi/grpcio@1.55.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.55.3
4
url pkg:pypi/grpcio@1.56.2
purl pkg:pypi/grpcio@1.56.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.56.2
aliases CVE-2023-33953, GHSA-496j-2rq6-j6cc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9rmn-3anf-fqcm
1
url VCID-bq9n-jd6r-7ffc
vulnerability_id VCID-bq9n-jd6r-7ffc
summary Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-8359
reference_id
reference_type
scores
0
value 0.01818
scoring_system epss
scoring_elements 0.82921
published_at 2026-04-24T12:55:00Z
1
value 0.01818
scoring_system epss
scoring_elements 0.829
published_at 2026-04-21T12:55:00Z
2
value 0.01818
scoring_system epss
scoring_elements 0.82795
published_at 2026-04-01T12:55:00Z
3
value 0.01818
scoring_system epss
scoring_elements 0.82811
published_at 2026-04-02T12:55:00Z
4
value 0.01818
scoring_system epss
scoring_elements 0.82825
published_at 2026-04-04T12:55:00Z
5
value 0.01818
scoring_system epss
scoring_elements 0.8282
published_at 2026-04-07T12:55:00Z
6
value 0.01818
scoring_system epss
scoring_elements 0.82846
published_at 2026-04-08T12:55:00Z
7
value 0.01818
scoring_system epss
scoring_elements 0.82852
published_at 2026-04-09T12:55:00Z
8
value 0.01818
scoring_system epss
scoring_elements 0.82868
published_at 2026-04-11T12:55:00Z
9
value 0.01818
scoring_system epss
scoring_elements 0.82863
published_at 2026-04-12T12:55:00Z
10
value 0.01818
scoring_system epss
scoring_elements 0.82859
published_at 2026-04-13T12:55:00Z
11
value 0.01818
scoring_system epss
scoring_elements 0.82898
published_at 2026-04-16T12:55:00Z
12
value 0.01818
scoring_system epss
scoring_elements 0.82897
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-8359
1
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=726
reference_id
reference_type
scores
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=726
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8359
3
reference_url https://github.com/grpc/grpc/commit/6544a2d5d9ecdb64214da1d228886a7d15bbf5c7
reference_id
reference_type
scores
url https://github.com/grpc/grpc/commit/6544a2d5d9ecdb64214da1d228886a7d15bbf5c7
4
reference_url https://github.com/grpc/grpc/pull/10353
reference_id
reference_type
scores
url https://github.com/grpc/grpc/pull/10353
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-8359
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2017-8359
6
reference_url https://pypi.org/project/grpcio
reference_id
reference_type
scores
url https://pypi.org/project/grpcio
7
reference_url http://www.securityfocus.com/bid/98280
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98280
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*
fixed_packages
0
url pkg:pypi/grpcio@1.3.0
purl pkg:pypi/grpcio@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9rmn-3anf-fqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.3.0
aliases CVE-2017-8359, PYSEC-2017-101
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq9n-jd6r-7ffc
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/grpcio@1.1.3