[GHSA-cfgp-2977-2fmm] Connection confusion in gRPC

[picatz]

Updates

• Affected products

Comments
The Go Vuln DB team has clarified this vulnerability doesn't impact the Go gRPC implementation. The related issues for the advisory (grpc/grpc#32309 and grpc/grpc#33005) impact the C++ code, but Go's gRPC implementation uses its own Go-based HTTP/2 stack.

Additional information:

• x/vulndb: potential Go vuln in github.com/grpc/grpc: CVE-2023-32731 golang/vulndb#1847
• https://cloud.google.com/support/bulletins#gcp-2023-010

[picatz]

Looks like this is actually a duplicate of #2473, please feel free to close this PR in favor of that one. But, I'll leave this one open temporarily for the extra visibility.

[advisory-database]

Hi @picatz! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!