What is CVE-2024-7246?

CVE-2024-7246 is a vulnerability in Google Grpc, classified under Expected Behavior Violation. Published 2024-08-06.

Is CVE-2024-7246 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Grpc

CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients H…

EPSS: 0.000 (11.6th percentile) — read the EPSS interpretation.

Affected products

Google Grpc — versions 1.53.0, 1.53.1, 1.53.2

Weakness classification (CWE)

CWE-440 — Expected Behavior Violation

Public proof-of-concept exploits

franzheffa/video-search-and-summarization-viize
gil-feldman-glidetalk/video-search-and-summarization
rmkraus/video-search-and-summarization

References

github.com/grpc/grpc/issues/36245

Frequently asked questions

What is CVE-2024-7246?: CVE-2024-7246 is a vulnerability in Google Grpc, classified under Expected Behavior Violation. Published 2024-08-06.
Is CVE-2024-7246 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.