-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
transport: block reading frames when too many transport control frames are queued #2970
Conversation
…s are queued (#2970) Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).
…s are queued (#2970) Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).
full diff: grpc/grpc-go@v1.20.1...v1.23.0 This update contains security fixes: - transport: block reading frames when too many transport control frames are queued (grpc/grpc-go#2970) - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Other changes can be found in the release notes: https://github.com/grpc/grpc-go/releases/tag/v1.23.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
Does this change alone fully fix the CVEs for the gRPC server or is the x/net/http2 change also required? golang/go#33606 |
@aaronbee if you are using a |
full diff: grpc/grpc-go@v1.20.1...v1.23.0 This update contains security fixes: - transport: block reading frames when too many transport control frames are queued (grpc/grpc-go#2970) - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Other changes can be found in the release notes: https://github.com/grpc/grpc-go/releases/tag/v1.23.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: grpc/grpc-go@v1.20.1...v1.23.0 This update contains security fixes: - transport: block reading frames when too many transport control frames are queued (grpc/grpc-go#2970) - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Other changes can be found in the release notes: https://github.com/grpc/grpc-go/releases/tag/v1.23.0 Signed-off-by: Sebastiaan van Stijn <[email protected]> Upstream-commit: f1cd79976a9acabbafd8a053f1bcb4581e43b7a8 Component: engine
full diff: grpc/grpc-go@v1.20.1...v1.23.0 This update contains security fixes: - transport: block reading frames when too many transport control frames are queued (grpc/grpc-go#2970) - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Other changes can be found in the release notes: https://github.com/grpc/grpc-go/releases/tag/v1.23.0 Signed-off-by: Sebastiaan van Stijn <[email protected]> (cherry picked from commit f1cd799) Signed-off-by: Sebastiaan van Stijn <[email protected]>
full diff: grpc/grpc-go@v1.20.1...v1.23.0 This update contains security fixes: - transport: block reading frames when too many transport control frames are queued (grpc/grpc-go#2970) - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Other changes can be found in the release notes: https://github.com/grpc/grpc-go/releases/tag/v1.23.0 Signed-off-by: Sebastiaan van Stijn <[email protected]> (cherry picked from commit f1cd79976a9acabbafd8a053f1bcb4581e43b7a8) Signed-off-by: Sebastiaan van Stijn <[email protected]> Upstream-commit: 5772636dc6526cb00085e2b61c3c71117940d83c Component: engine
full diff: grpc/grpc-go@v1.20.1...v1.23.0 This update contains security fixes: - transport: block reading frames when too many transport control frames are queued (grpc/grpc-go#2970) - Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Other changes can be found in the release notes: https://github.com/grpc/grpc-go/releases/tag/v1.23.0 Signed-off-by: Sebastiaan van Stijn <[email protected]> Signed-off-by: zach <[email protected]>
Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).