VulnerableCode Package Details - pkg:pypi/grpcio@1.0.0rc1

Search for packages

Vulnerability	Summary	Fixed by
VCID-9rmn-3anf-fqcm Aliases: CVE-2023-33953 GHSA-496j-2rq6-j6cc	Excessive Iteration in gRPC gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…	1.53.2 Affected by 0 other vulnerabilities. 1.54.3 Affected by 0 other vulnerabilities. 1.55.2 Affected by 0 other vulnerabilities. 1.55.3 Affected by 0 other vulnerabilities. 1.56.2 Affected by 0 other vulnerabilities.
VCID-bq9n-jd6r-7ffc Aliases: CVE-2017-8359 PYSEC-2017-101	Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.	1.3.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-9rmn-3anf-fqcm
Aliases:
CVE-2023-33953
GHSA-496j-2rq6-j6cc

Excessive Iteration in gRPC gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…

1.53.2
Affected by 0 other vulnerabilities.

1.54.3
Affected by 0 other vulnerabilities.

1.55.2
Affected by 0 other vulnerabilities.

1.55.3
Affected by 0 other vulnerabilities.

1.56.2
Affected by 0 other vulnerabilities.

VCID-bq9n-jd6r-7ffc
Aliases:
CVE-2017-8359
PYSEC-2017-101

Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.

1.3.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:35:59.097904+00:00	GitLab Importer	Affected by	VCID-9rmn-3anf-fqcm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/grpcio/CVE-2023-33953.yml	38.4.0
2026-04-11T23:55:11.379756+00:00	GitLab Importer	Affected by	VCID-9rmn-3anf-fqcm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/grpcio/CVE-2023-33953.yml	38.3.0
2026-04-02T23:58:18.434797+00:00	GitLab Importer	Affected by	VCID-9rmn-3anf-fqcm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/grpcio/CVE-2023-33953.yml	38.1.0
2026-04-01T14:59:51.824302+00:00	PyPI Importer	Affected by	VCID-bq9n-jd6r-7ffc	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T12:41:30.445018+00:00	Pypa Importer	Affected by	VCID-bq9n-jd6r-7ffc	https://github.com/pypa/advisory-database/blob/main/vulns/grpcio/PYSEC-2017-101.yaml	38.0.0