Updated advisory posts against rubysec/ruby-advisory-db@4eed0d4

Author: jasnow

advisories/_posts/2023-09-13-CVE-2023-4785.md

@@ -0,0 +1,45 @@
+---
+layout: advisory
+title: 'CVE-2023-4785 (grpc): Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible
+  platforms)'
+comments: false
+categories:
+- grpc
+advisory:
+  gem: grpc
+  cve: 2023-4785
+  ghsa: p25m-jpj4-qcrr
+  url: https://groups.google.com/g/grpc-io/c/LlLkB1CeE4U
+  title: Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
+  date: 2023-09-13
+  description: |
+    Lack of error handling in the TCP server in Google's gRPC starting
+    version 1.23 on posix-compatible platforms (ex. Linux) allows an
+    attacker to cause a denial of service by initiating a significant
+    number of connections with the server.
+
+    Note that gRPC C++ Python, and Ruby are affected, but
+    gRPC Java and Go are NOT affected. 
+  cvss_v3: 7.5
+  unaffected_versions:
+  - "< 1.53.0"
+  patched_versions:
+  - "~> 1.53.2"
+  - "~> 1.54.3"
+  - "~> 1.55.3"
+  - ">= 1.56.2"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-4785
+    - https://groups.google.com/g/grpc-io/c/LlLkB1CeE4U
+    - https://rubygems.org/gems/grpc/versions/1.53.2
+    - https://rubygems.org/gems/grpc/versions/1.54.3
+    - https://rubygems.org/gems/grpc/versions/1.55.3
+    - https://rubygems.org/gems/grpc/versions/1.56.2
+    - https://github.com/grpc/grpc/pull/33656
+    - https://github.com/grpc/grpc/pull/33667
+    - https://github.com/grpc/grpc/pull/33669
+    - https://github.com/grpc/grpc/pull/33670
+    - https://github.com/grpc/grpc/pull/33672
+    - https://github.com/advisories/GHSA-p25m-jpj4-qcrr
+---