The hpack tag on WindowsForum.com covers discussions about HPACK, the compression format used in HTTP/2 and gRPC. Content includes security vulnerabilities such as CVE-2023-33953, which describes flaws in gRPC's HPACK parser that can lead to denial-of-service via excessive memory allocation and CPU use. Topics also involve mitigations, patching strategies, and the impact on cloud-native services, proxies, and microservices. This tag is relevant for IT professionals and developers managing HTTP/2 or gRPC endpoints who need to address HPACK-related security issues.
-
gRPC’s HPACK parser contains a set of parsing/accounting flaws that allow a remote, unauthenticated attacker to force excessive memory allocation, trigger pathological CPU use, and in practice cause connection termination or full denial-of-service of gRPC endpoints unless libraries and products...