{
  "threat_severity" : "Moderate",
  "public_date" : "2023-09-14T00:00:00Z",
  "bugzilla" : {
    "description" : "gRPC: file descriptor exhaustion leads to denial of service",
    "id" : "2239017",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2239017"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-248",
  "details" : [ "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.", "A flaw was found in gRPC. Lack of error handling in the TCP server in Google's gRPC, starting in version 1.23 on POSIX-compatible platforms (for example, Linux), allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Satellite 6.14 for RHEL 8",
    "release_date" : "2024-02-13T00:00:00Z",
    "advisory" : "RHSA-2024:0797",
    "cpe" : "cpe:/a:redhat:satellite:6.14::el8",
    "package" : "rubygem-grpc-0:1.58.0-1.el8sat",
    "impact" : "moderate"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "grpc",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-kuryr-cni-rhel8",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-kuryr-controller-rhel8",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-4785\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4785\nhttps://github.com/advisories/GHSA-p25m-jpj4-qcrr\nhttps://github.com/grpc/grpc/pull/33656\nhttps://github.com/grpc/grpc/pull/33667\nhttps://github.com/grpc/grpc/pull/33669\nhttps://github.com/grpc/grpc/pull/33670\nhttps://github.com/grpc/grpc/pull/33672" ],
  "name" : "CVE-2023-4785",
  "csaw" : false
}