VulnerableCode Package Details - pkg:deb/debian/grpc@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-61xa-2pun-n3c9	Connection confusion in gRPC When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.	CVE-2023-32731 GHSA-cfgp-2977-2fmm
VCID-6g6x-9wx8-uqa5	grpc: Denial of Service through Data corruption in gRPC-C++	CVE-2024-11407
VCID-qatb-my8j-b3hr	gRPC Reachable Assertion issue There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.	CVE-2023-1428 GHSA-6628-q6j9-w8vg

Vulnerability

Summary

Aliases

VCID-61xa-2pun-n3c9

Connection confusion in gRPC When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.

CVE-2023-32731
GHSA-cfgp-2977-2fmm

VCID-6g6x-9wx8-uqa5

grpc: Denial of Service through Data corruption in gRPC-C++

CVE-2024-11407

VCID-qatb-my8j-b3hr

gRPC Reachable Assertion issue There exists an vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.

CVE-2023-1428
GHSA-6628-q6j9-w8vg

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-23T05:40:31.489108+00:00	Debian Importer	Fixing	VCID-6g6x-9wx8-uqa5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:18:44.806030+00:00	Debian Importer	Fixing	VCID-qatb-my8j-b3hr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:51:36.288173+00:00	Debian Importer	Fixing	VCID-61xa-2pun-n3c9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:25:17.424326+00:00	Debian Importer	Fixing	VCID-qatb-my8j-b3hr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:57:00.656036+00:00	Debian Importer	Fixing	VCID-61xa-2pun-n3c9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:26:06.167308+00:00	Debian Importer	Fixing	VCID-6g6x-9wx8-uqa5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:06.039312+00:00	Debian Importer	Fixing	VCID-61xa-2pun-n3c9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:26:05.990906+00:00	Debian Importer	Fixing	VCID-qatb-my8j-b3hr	https://security-tracker.debian.org/tracker/data/json	38.1.0