Data Corruption Issues Due to Zero Copy Enablement in gRPC-C++ Servers
CVE-2024-11407

7.5 HIGH

Key Information:

Vendor: Grpc

Status
Vendor
CVE Published: 26 November 2024

What is CVE-2024-11407?

A vulnerability exists in gRPC-C++ where servers with transmit zero copy enabled may experience data corruption. This issue can lead to incorrect bytes being sent over the network, resulting in failure of Remote Procedure Call (RPC) requests. It is recommended that users upgrade to a version past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 to mitigate this risk.

Affected Version(s)

gRPC-C++ 1.60.0 <= version <= 1.66.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
