cve-2024-37168
Vulnerability from cvelistv5
Published
2024-06-10 21:32
Modified
2024-08-02 03:50
Severity ?
EPSS score ?
Summary
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:grpc:grpc:1.10.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "grpc", "vendor": "grpc", "versions": [ { "lessThan": "1.10.9", "status": "affected", "version": "1.10.0", "versionType": "custom" }, { "lessThan": "1.9.15", "status": "affected", "version": "1.9.0", "versionType": "custom" }, { "lessThan": "1.8.22", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37168", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-11T14:03:13.988919Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:05:45.075Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:50:55.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86" }, { "name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650" }, { "name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3" }, { "name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "grpc-node", "vendor": "grpc", "versions": [ { "status": "affected", "version": "\u003e= 1.10.0, \u003c 1.10.9" }, { "status": "affected", "version": "\u003e= 1.9.0, \u003c 1.9.15" }, { "status": "affected", "version": "\u003c 1.8.22" } ] } ], "descriptions": [ { "lang": "en", "value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "CWE-789: Memory Allocation with Excessive Size Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T21:32:06.403Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86" }, { "name": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650" }, { "name": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3" }, { "name": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb" } ], "source": { "advisory": "GHSA-7v5v-9h63-cj86", "discovery": "UNKNOWN" }, "title": "@grpc/grpc-js can allocate memory for incoming messages well above configured limits" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-37168", "datePublished": "2024-06-10T21:32:06.403Z", "dateReserved": "2024-06-03T17:29:38.330Z", "dateUpdated": "2024-08-02T03:50:55.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-37168\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-06-10T22:15:12.433\",\"lastModified\":\"2024-11-21T09:23:20.993\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.\\n\"},{\"lang\":\"es\",\"value\":\"@grpc/grps-js implementa la funcionalidad principal de gRPC exclusivamente en JavaScript, sin un complemento de C++. Antes de las versiones 1.10.9, 1.9.15 y 1.8.22, existen dos rutas de c\u00f3digo separadas en las que se puede asignar memoria por mensaje que exceda la opci\u00f3n de canal `grpc.max_receive_message_length`: si un mensaje entrante tiene un tama\u00f1o en el cable es mayor que el l\u00edmite configurado, todo el mensaje se almacena en el b\u00fafer antes de descartarlo; y/o si un mensaje entrante tiene un tama\u00f1o dentro del l\u00edmite del cable pero se descomprime a un tama\u00f1o mayor que el l\u00edmite, el mensaje completo se descomprime en la memoria y no se descarta en el servidor. Esto se ha parcheado en las versiones 1.10.9, 1.9.15 y 1.8.22.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-789\"}]}],\"references\":[{\"url\":\"https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.