GHSA SYNC: 1 brand new advisory

Author: jasnow

gems/grpc/CVE-2023-33953.yml

@@ -0,0 +1,47 @@
+---
+gem: grpc
+cve: 2023-33953
+ghsa: 496j-2rq6-j6cc
+url: https://github.com/advisories/GHSA-496j-2rq6-j6cc
+title: Excessive Iteration in gRPC
+date: 2023-08-09
+description: |
+  gRPC contains a vulnerability that allows hpack table accounting
+  errors could lead to unwanted disconnects between clients and
+  servers in exceptional cases/ Three vectors were found that allow
+  the following DOS attacks:
+
+  - Unbounded memory buffering in the HPACK parser
+  - Unbounded CPU consumption in the HPACK parser
+
+  The unbounded CPU consumption is down to a copy that occurred
+  per-input-block in the parser, and because that could be unbounded
+  due to the memory copy bug we end up with an O(n^2) parsing loop,
+  with n selected by the client.
+
+  The unbounded memory buffering bugs:
+
+  - The header size limit check was behind the string reading code,
+    so we needed to first buffer up to a 4 gigabyte string before
+    rejecting it as longer than 8 or 16kb.
+
+  - HPACK varints have an encoding quirk whereby an infinite number
+    of 0’s can be added at the start of an integer. gRPC’s hpack
+    parser needed to read all of them before concluding a parse.
+
+  - gRPC’s metadata overflow check was performed per frame, so that
+    the following sequence of frames could cause infinite buffering:
+    HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION:
+    containing a: 3 etc…
+cvss_v3: 7.5
+patched_versions:
+  - "~> 1.53.2"
+  - "~> 1.54.3"
+  - "~> 1.55.2"
+  - ">= 1.56.2"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-33953
+    - https://cloud.google.com/support/bulletins#gcp-2023-022
+    - https://security.snyk.io/vuln/SNYK-RUBY-GRPC-5834442
+    - https://github.com/advisories/GHSA-496j-2rq6-j6cc