A bug in the gRPC-Go server was identified, which would allow clients to cause servers to allocate up to 16MB of memory per connection, which could cause the server to run out of memory and crash. The impact of this issue should be limited if you are already limiting the number of simultaneous connections on your server (for example with a netutil.LimitListener <https://godoc.org/golang.org/x/net/netutil>), which is typically recommended. The fix for this issue was made in PR #3018 <https://github.com/grpc/grpc-go/pull/3018> and has been included in the following releases: v1.23.1 <https://github.com/grpc/grpc-go/releases/tag/v1.23.1> and v1.22.3 <https://github.com/grpc/grpc-go/releases/tag/v1.22.3>. Please update your servers at the earliest.
-- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/69cf70b7-a9aa-45ee-80d4-25fc7a5f43ee%40googlegroups.com.
