Byte Open Security

(ByteOS Network)

NVD Vulnerability Details: CVE-2024-37168
Awaiting Analysis
Source: security-advisories@github.com
Published At: 10 Jun, 2024 | 22:15
Updated At: 11 Jun, 2024 | 13:54

@grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: (1) if an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or (2) if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server it is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.
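
The two checks the description implies, as an added example that is not grpc-js code or the project's patch: refuse a frame from its declared length before buffering it, and cap decompression output at the limit. The function names, the gzip encoding and the sample frames are assumptions made for illustration; the 5-byte prefix is the standard gRPC message framing.

```javascript
const zlib = require('zlib');

const HEADER_BYTES = 5; // gRPC frame prefix: 1-byte compressed flag + 4-byte big-endian length

// Hypothetical helper (not a grpc-js API). In a stream parser this runs as soon as
// the 5 prefix bytes arrive, so an oversized payload is refused before it is buffered.
function checkFrameHeader(header, maxReceiveLength) {
  if (header.length < HEADER_BYTES) return { ok: false, reason: 'short-header' };
  const declared = header.readUInt32BE(1);
  if (declared > maxReceiveLength) return { ok: false, reason: 'wire-size-exceeds-limit' };
  return { ok: true, compressed: header.readUInt8(0) === 1, declared };
}

// Hypothetical helper: gunzip with a hard output cap, so a small payload that
// inflates past the limit is rejected instead of being fully decompressed.
function boundedGunzip(payload, maxReceiveLength) {
  try {
    const message = zlib.gunzipSync(payload, { maxOutputLength: maxReceiveLength });
    return { ok: true, message };
  } catch (err) {
    const tooLarge = err.code === 'ERR_BUFFER_TOO_LARGE';
    return { ok: false, reason: tooLarge ? 'decompressed-size-exceeds-limit' : 'corrupt-payload' };
  }
}

// Applies both checks to one complete frame (held in memory here only for the demo).
function receiveFrame(frame, maxReceiveLength) {
  const head = checkFrameHeader(frame.subarray(0, HEADER_BYTES), maxReceiveLength);
  if (!head.ok) return head;
  const payload = frame.subarray(HEADER_BYTES, HEADER_BYTES + head.declared);
  if (payload.length !== head.declared) return { ok: false, reason: 'truncated' };
  return head.compressed ? boundedGunzip(payload, maxReceiveLength) : { ok: true, message: payload };
}

// Builds a constructed sample frame for the demo below.
function makeFrame(body, compress) {
  const payload = compress ? zlib.gzipSync(body) : body;
  const header = Buffer.alloc(HEADER_BYTES);
  header.writeUInt8(compress ? 1 : 0, 0);
  header.writeUInt32BE(payload.length, 1);
  return Buffer.concat([header, payload]);
}

const LIMIT = 1024; // stands in for grpc.max_receive_message_length
console.log(receiveFrame(makeFrame(Buffer.alloc(4096), false), LIMIT).reason);
console.log(receiveFrame(makeFrame(Buffer.alloc(64 * 1024), true), LIMIT).reason);
console.log(receiveFrame(makeFrame(Buffer.from('hello'), true), LIMIT).message.toString());
```

The second sample frame is well under the limit on the wire and still gets rejected, which is the case the wire-size check alone does not catch.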

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CPE Matches

Weaknesses
CWE ID: CWE-789
Type: Secondary
Source: security-advisories@github.com
References
Hyperlink: https://github.com/grpc/grpc-node/commit/08b0422dae56467ecae1007e899efe66a8c4a650
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/grpc/grpc-node/commit/674f4e351a619fd4532f84ae6dff96b8ee4e1ed3
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/grpc/grpc-node/commit/a8a020339c7eab1347a343a512ad17a4aea4bfdb
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/grpc/grpc-node/security/advisories/GHSA-7v5v-9h63-cj86
Source: security-advisories@github.com
Resource: N/A
Change History
0 changes found