Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Potential Denial of Service in gRPC HPACK Parser

SUSE-SU-2026:0840-1
Summary

The gRPC HPACK parser has a bug that could cause a server to consume excessive memory and CPU, potentially leading to a denial of service. This update fixes the issue to prevent this problem. To stay secure, update your gRPC software as soon as possible.

What to do
  • Update grpc to version 1.25.0-150200.3.10.1.
Affected software
VendorProductAffected versionsFix available
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
grpc <= 1.25.0-150200.3.10.1 1.25.0-150200.3.10.1
Original title
Security update for grpc
Original description
This update for grpc fixes the following issue:

- CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS (bsc#1214148).
Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026