How severe is CVE-2024-7246?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-7246?

This is classified as CWE-440, which is a common weakness in software security.

CVE-2024-7246 - MEDIUM Severity | CVSS N/A

Vulnerability Description

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.

Related Vulnerabilities

CVE-2019-6569

CRITICAL

CVSS:9.1(Critical)

The monitor barrier of the affected products insufficiently blocks data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious p...

CWE-4402019

CVE-2024-32971

CRITICAL

CVSS:9.0(Critical)

Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumst...

CWE-4402024

CVE-2018-12550

HIGH

CVSS:8.1(High)

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though...

CWE-4402018

CVE-2023-4807

HIGH

CVSS:7.8(High)

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_6...

CWE-4402023

CVE-2022-3281

HIGH

CVSS:7.5(High)

WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filtering after reboot. This may allow an remote...

CWE-4402022

CVE-2023-32731

HIGH

CVSS:7.5(High)

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of...

CWE-4402023