CVE-2023-33953 is a high-severity vulnerability in gRPC's HPACK parser that allows a remote, unauthenticated attacker to cause excessive memory allocation and pathological CPU usage via crafted HTTP/2 frames. This can lead to connection termination or full denial-of-service of gRPC endpoints. The flaw affects libraries and products that embed gRPC, which is widely used in cloud-native stacks, service meshes, proxies, public APIs, and microservices. Mitigations require patching gRPC libraries. On WindowsForum.com, discussions cover the background, impact, and steps to address CVE-2023-33953 in Windows and enterprise environments.
gRPC’s HPACK parser contains a set of parsing/accounting flaws that allow a remote, unauthenticated attacker to force excessive memory allocation, trigger pathological CPU use, and in practice cause connection termination or full denial-of-service of gRPC endpoints unless libraries and products...