CVE-2024-47609

MEDIUM Year: 2024
Weakness Type
CWE-755
View all →

Vulnerability Description

Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.

Related Vulnerabilities

CVE-2009-5043

CRITICAL
CVSS:9.8(Critical)

burn allows file names to escape via mishandled quotation marks

CWE-7552009

CVE-2017-2877

CRITICAL
CVSS:9.8(Critical)

A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attac...

CWE-7552017

CVE-2017-5638

CRITICAL
CVSS:9.8(Critical)

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows re...

CWE-7552017

CVE-2018-19991

CRITICAL
CVSS:9.8(Critical)

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-20...

CWE-7552018

CVE-2019-12815

CRITICAL
CVSS:9.8(Critical)

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

CWE-7552019

CVE-2019-14431

CRITICAL
CVSS:9.8(Critical)

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseS...

CWE-7552019