Package details: pkg:deb/debian/grpc@1.51.1-9?distro=trixie
purl pkg:deb/debian/grpc@1.51.1-9?distro=trixie
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-6g6x-9wx8-uqa5
Aliases:
CVE-2024-11407
grpc: Denial of Service through Data corruption in gRPC-C++
There are no reported fixed by versions.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-61xa-2pun-n3c9 Connection confusion in gRPC When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. CVE-2023-32731
GHSA-cfgp-2977-2fmm
VCID-bq9n-jd6r-7ffc Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. CVE-2017-8359
PYSEC-2017-101
VCID-dyab-3gwk-suf9 Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c. CVE-2017-9431
VCID-qatb-my8j-b3hr gRPC Reachable Assertion issue There exists a vulnerability causing an abort() to be called in gRPC. The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclb_client_stats: x (x == anything). On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above. CVE-2023-1428
GHSA-6628-q6j9-w8vg
VCID-qkwt-r35t-g3hx Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c. CVE-2017-7860
VCID-zn55-fgv7-bbfv Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c. CVE-2017-7861

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-23T05:40:31.466259+00:00 Debian Importer Affected by VCID-6g6x-9wx8-uqa5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-23T05:40:31.432827+00:00 Debian Importer Fixing VCID-61xa-2pun-n3c9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-23T05:40:31.390296+00:00 Debian Importer Fixing VCID-qatb-my8j-b3hr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-23T05:40:31.345874+00:00 Debian Importer Fixing VCID-dyab-3gwk-suf9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-23T05:40:31.296259+00:00 Debian Importer Fixing VCID-bq9n-jd6r-7ffc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-23T05:40:31.252876+00:00 Debian Importer Fixing VCID-zn55-fgv7-bbfv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-23T05:40:31.201704+00:00 Debian Importer Fixing VCID-qkwt-r35t-g3hx https://security-tracker.debian.org/tracker/data/json 38.4.0