Google gRPC CVE-2017-7860 Heap Buffer Overflow Vulnerability

Google gRPC is prone to a heap-based buffer overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

Information

Bugtraq ID: 97695
Class: Boundary Condition Error
CVE: CVE-2017-7860

Remote: Yes
Local: No
Published: Apr 14 2017 12:00AM
Updated: Apr 17 2017 06:07PM
Credit: Monor
Vulnerable: Google gRPC 0

Not Vulnerable:

References:

• Google Homepage (Google)
  
• Introducing gRPC, a new open source HTTP/2 RPC Framework (GoogleBlog)
  
• Fixed Heap-buffer-overflow in parse_unix via clusterfuzz #9833 (Github)
  
• grpc: Heap-buffer-overflow in parse_unix (Chromium)
  

Source: www.securityfocus.com