ByteOS Network

NVD Vulnerability Details :

CVE-2024-47609

Awaiting Analysis

Source-security-advisories@github.com

Published At-01 Oct, 2024 | 21:15

Updated At-04 Oct, 2024 | 13:50

Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
Secondary	3.1	0.0	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-755	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/hyperium/tonic/commit/a4472a86f3290e60c7c01348b7e6a8164d6e7e48	security-advisories@github.com	N/A
https://github.com/hyperium/tonic/issues/1897	security-advisories@github.com	N/A
https://github.com/hyperium/tonic/security/advisories/GHSA-4jwc-w2hc-78qv	security-advisories@github.com	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History