x/vulndb: potential Go vuln in github.com/grpc/grpc: CVE-2023-32732

[GoVulnBot]

CVE-2023-32732 references github.com/grpc/grpc, which may be a Go module.

Description:
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  grpc/grpc#32309 https://www.google.com/url

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-32732
• JSON: https://github.com/CVEProject/cvelist/tree/d7e32be7573de4aa3808f24e3c0c7ccd60e74d6c/2023/32xxx/CVE-2023-32732.json
• fix: [http2] Dont drop connections on metadata limit exceeded grpc/grpc#32309
• Imported by: https://pkg.go.dev/github.com/grpc/grpc?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/grpc/grpc
      packages:
        - package: gRPC
description: "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in  https://github.com/grpc/grpc/pull/32309 https://www.google.com/url \n\n"
cves:
    - CVE-2023-32732
references:
    - fix: https://github.com/grpc/grpc/pull/32309

[neild]

C++, not Go.

[gopherbot]

Change https://go.dev/cl/503837 mentions this issue: data/excluded: batch add 21 excluded reports