Security update for grpc SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0840-1 Final 1 1 2026-03-06T11:36:18Z current 2026-03-06T11:36:18Z 2026-03-06T11:36:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for grpc This update for grpc fixes the following issue: - CVE-2023-33953: unbounded memory and CPU consumption in the HPACK parser leads to remote DoS (bsc#1214148). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-840,SUSE-SLE-Module-Basesystem-15-SP7-2026-840,SUSE-SLE-Module-Public-Cloud-15-SP4-2026-840,SUSE-SLE-Module-Public-Cloud-15-SP5-2026-840,SUSE-SLE-Module-Public-Cloud-15-SP6-2026-840,SUSE-SLE-Module-Public-Cloud-15-SP7-2026-840,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-840,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-840,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-840,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-840,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-840,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-840,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-840,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-840,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-840,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-840 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260840-1/ Link for SUSE-SU-2026:0840-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024639.html E-Mail link for SUSE-SU-2026:0840-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1214148 SUSE Bug 1214148 https://www.suse.com/security/cve/CVE-2023-33953/ SUSE CVE CVE-2023-33953 page SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Public Cloud 15 SP4 SUSE Linux Enterprise Module for Public Cloud 15 SP5 SUSE Linux Enterprise Module for Public Cloud 15 SP6 SUSE Linux Enterprise Module for Public Cloud 15 SP7 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP6-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 grpc-devel-1.25.0-150200.3.10.1 grpc-source-1.25.0-150200.3.10.1 libgrpc++1-1.25.0-150200.3.10.1 libgrpc8-1.25.0-150200.3.10.1 python2-grpcio-1.25.0-150200.3.10.1 python3-grpcio-1.25.0-150200.3.10.1 libgrpc++1-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libgrpc++1-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libgrpc++1-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libgrpc++1-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 python3-grpcio-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP4 libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5 python3-grpcio-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5 python3-grpcio-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP6 python3-grpcio-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP7 libgrpc++1-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libgrpc++1-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server 15 SP6-LTSS libgrpc++1-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libgrpc++1-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libgrpc8-1.25.0-150200.3.10.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0's can be added at the start of an integer. gRPC's hpack parser needed to read all of them before concluding a parse. - gRPC's metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc... CVE-2023-33953 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libgrpc++1-1.25.0-150200.3.10.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libgrpc++1-1.25.0-150200.3.10.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libgrpc++1-1.25.0-150200.3.10.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libgrpc++1-1.25.0-150200.3.10.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise Module for Public Cloud 15 SP4:python3-grpcio-1.25.0-150200.3.10.1 SUSE Linux Enterprise Module for Public Cloud 15 SP5:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise Module for Public Cloud 15 SP5:python3-grpcio-1.25.0-150200.3.10.1 SUSE Linux Enterprise Module for Public Cloud 15 SP6:python3-grpcio-1.25.0-150200.3.10.1 SUSE Linux Enterprise Module for Public Cloud 15 SP7:python3-grpcio-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libgrpc++1-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libgrpc++1-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server 15 SP6-LTSS:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libgrpc++1-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libgrpc++1-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libgrpc8-1.25.0-150200.3.10.1 SUSE Linux Enterprise Server for SAP Applications 15 SP6:libgrpc8-1.25.0-150200.3.10.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260840-1/ https://www.suse.com/security/cve/CVE-2023-33953.html CVE-2023-33953 https://bugzilla.suse.com/1214148 SUSE Bug 1214148