2329003 – (CVE-2024-11407) CVE-2024-11407 grpc: Denial of Service through Data corruption in gRPC-C++

Bug 2329003 (CVE-2024-11407) - CVE-2024-11407 grpc: Denial of Service through Data corruption in gRPC-C++

Summary: CVE-2024-11407 grpc: Denial of Service through Data corruption in gRPC-C++

Keywords:
Status:	NEW
Alias:	CVE-2024-11407
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-26 18:01 UTC by OSIDB Bzimport
Modified:	2025-05-15 08:28 UTC (History)
CC List:	49 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:0340	None	None	None	2025-01-15 16:51:06 UTC
Red Hat Product Errata	RHSA-2025:0341	None	None	None	2025-01-15 19:35:27 UTC
Red Hat Product Errata	RHSA-2025:0722	None	None	None	2025-01-27 22:41:07 UTC
Red Hat Product Errata	RHSA-2025:1019	None	None	None	2025-02-04 16:14:54 UTC

Description OSIDB Bzimport 2024-11-26 18:01:15 UTC

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791

Comment 5 errata-xmlrpc 2025-01-15 16:51:03 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 9
  Red Hat Ansible Automation Platform 2.5 for RHEL 8

Via RHSA-2025:0340 https://access.redhat.com/errata/RHSA-2025:0340

Comment 6 errata-xmlrpc 2025-01-15 19:35:23 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.5 for RHEL 8
  Red Hat Ansible Automation Platform 2.5 for RHEL 9

Via RHSA-2025:0341 https://access.redhat.com/errata/RHSA-2025:0341

Comment 7 errata-xmlrpc 2025-01-27 22:41:03 UTC

This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 8
  Red Hat Ansible Automation Platform 2.4 for RHEL 9

Via RHSA-2025:0722 https://access.redhat.com/errata/RHSA-2025:0722

Comment 8 errata-xmlrpc 2025-02-04 16:14:51 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.16 for RHEL 8
  Red Hat Satellite 6.16 for RHEL 9

Via RHSA-2025:1019 https://access.redhat.com/errata/RHSA-2025:1019

Note You need to log in before you can comment on or make changes to this bug.

amctagga
aoconnor
bdettelb
bniver
brking
caswilli
davidn
doconnor
ehelms
flucifre
ggainey
gmeno
gtanzill
haoli
hkataria
jcammara
jeder
jmitchel
jneedle
jtanner
juwatts
jwong
kaycoth
kegrant
kholdawa
koliveir
kshier
mabashia
mbenjamin
mhackett
mhulan
mminar
nmoumoul
pbraun
pcreech
rbiba
rchan
shvarugh
simaishi
smallamp
smcdonal
sostapov
sskracic
stcannon
teagle
tfister
thavo
vereddy
yguenane