Vulnerability details: VCID-bdhr-ffbq-vye1
Vulnerability ID VCID-bdhr-ffbq-vye1
Aliases CVE-2023-4785
GHSA-p25m-jpj4-qcrr
Summary Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms). Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4785.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2023-4785
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-p25m-jpj4-qcrr
cvssv3.1 7.5 https://github.com/grpc/grpc/pull/33656
generic_textual HIGH https://github.com/grpc/grpc/pull/33656
ssvc Track https://github.com/grpc/grpc/pull/33656
cvssv3.1 7.5 https://github.com/grpc/grpc/pull/33667
generic_textual HIGH https://github.com/grpc/grpc/pull/33667
ssvc Track https://github.com/grpc/grpc/pull/33667
cvssv3.1 7.5 https://github.com/grpc/grpc/pull/33669
generic_textual HIGH https://github.com/grpc/grpc/pull/33669
ssvc Track https://github.com/grpc/grpc/pull/33669
cvssv3.1 7.5 https://github.com/grpc/grpc/pull/33670
generic_textual HIGH https://github.com/grpc/grpc/pull/33670
ssvc Track https://github.com/grpc/grpc/pull/33670
cvssv3.1 7.5 https://github.com/grpc/grpc/pull/33672
generic_textual HIGH https://github.com/grpc/grpc/pull/33672
ssvc Track https://github.com/grpc/grpc/pull/33672
cvssv3.1 7.5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-4785.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-4785.yml
cvssv3 7.5 https://groups.google.com/g/grpc-io/c/LlLkB1CeE4U
cvssv3.1 7.5 https://groups.google.com/g/grpc-io/c/LlLkB1CeE4U
generic_textual HIGH https://groups.google.com/g/grpc-io/c/LlLkB1CeE4U
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4785
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-4785
cvssv3.1 7.5 https://rubygems.org/gems/grpc/versions/1.53.2
generic_textual HIGH https://rubygems.org/gems/grpc/versions/1.53.2
cvssv3.1 7.5 https://rubygems.org/gems/grpc/versions/1.54.3
generic_textual HIGH https://rubygems.org/gems/grpc/versions/1.54.3
cvssv3.1 7.5 https://rubygems.org/gems/grpc/versions/1.55.3
generic_textual HIGH https://rubygems.org/gems/grpc/versions/1.55.3
cvssv3.1 7.5 https://rubygems.org/gems/grpc/versions/1.56.2
generic_textual HIGH https://rubygems.org/gems/grpc/versions/1.56.2
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4785.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/grpc/grpc/pull/33656
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/ Found at https://github.com/grpc/grpc/pull/33656
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/grpc/grpc/pull/33667
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/ Found at https://github.com/grpc/grpc/pull/33667
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/grpc/grpc/pull/33669
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/ Found at https://github.com/grpc/grpc/pull/33669
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/grpc/grpc/pull/33670
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/ Found at https://github.com/grpc/grpc/pull/33670
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/grpc/grpc/pull/33672
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-25T18:02:01Z/ Found at https://github.com/grpc/grpc/pull/33672
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/grpc/CVE-2023-4785.yml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://groups.google.com/g/grpc-io/c/LlLkB1CeE4U
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4785
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://rubygems.org/gems/grpc/versions/1.53.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://rubygems.org/gems/grpc/versions/1.54.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://rubygems.org/gems/grpc/versions/1.55.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://rubygems.org/gems/grpc/versions/1.56.2
Exploit Prediction Scoring System (EPSS)
Percentile 0.13307
EPSS Score 0.00042
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:01:52.647068+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/grpc/CVE-2023-4785.yml 38.6.0