{"id":"CVE-2023-1428","details":"There exists a vulnerability causing an abort() to be called in gRPC. \nThe following headers cause gRPC's C++ implementation to abort() when called via http2:\n\nte: x (x != trailers)\n\n:scheme: x (x != http, https)\n\ngrpclb_client_stats: x (x == anything)\n\nOn top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.\n\n","aliases":["GHSA-6628-q6j9-w8vg"],"modified":"2026-04-12T08:34:17.670138Z","published":"2023-06-09T11:15:09.200Z","related":["CGA-7mrf-f5v6-gp6f"],"references":[{"type":"FIX","url":"https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc","events":[{"introduced":"fb01bb12456d015d9e4b7b8ebf2e8a7c803e96ad"},{"fixed":"358bfb581feeda5bf17dd3b96da1074d84a6ef8d"},{"fixed":"2485fa94bd8a723e5c977d55a3ce10b301b437f8"}],"database_specific":{"versions":[{"introduced":"1.51.0"},{"fixed":"1.53.0"}]}}],"database_specific":{"vanir_signatures_modified":"2026-04-12T08:34:17Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1428.json","vanir_signatures":[{"signature_version":"v1","signature_type":"Line","id":"CVE-2023-1428-92a6729a","digest":{"line_hashes":["77917777258970324137091572071526349858","313965056587240481305108022514032655139","327942460876962120776632160960094872524","319499281142633736843584522608260061550","221476168521612255346409415188569777926","219191431682892297756968210528234109178","29065409360241060735445284276661961567","124477756047082237877087743219816045193","295267686395818852424067489111555122289","267870824821823095641852076205149287760","190120333878596716159437050437378710906","201256118375080535627866627220441042220"],"threshold":0.9},"deprecated":false,"source":"https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8","target":{"file":"src/core/lib/transport/metadata_batch.h"}},{"signature_version":"v1","signature_type":"Line","id":"CVE-2023-1428-ac2d0e5f","digest":{"line_hashes":["248602510802292964769421408036676393273","95784582260700503370689081483009089704","150246024246185734988961442473965001239","129475932549979751744539667166528603028"],"threshold":0.9},"deprecated":false,"source":"https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8","target":{"file":"src/core/ext/transport/chttp2/transport/hpack_parser.cc"}},{"signature_version":"v1","signature_type":"Line","id":"CVE-2023-1428-cf3e28f7","digest":{"line_hashes":["296793851486459924260521861757811068285","79856173466137552161301557830167225091","160921107675916528917926446055468807851"],"threshold":0.9},"deprecated":false,"source":"https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8","target":{"file":"src/core/lib/transport/metadata_batch.cc"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}