Memory Allocation with Excessive Size Value
CVE-2024-37168
Summary
@grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. In @grpc/grpc-js versions through 1.8.21, 1.9.0 through 1.9.14, and 1.10.0 through 1.10.8, there are two separate code paths in which memory can be allocated per message in excess of the "grpc.max_receive_message_length" channel option:
- If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and/or
- If an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- LOW
CWE-789 - Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
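The two checks the summary calls for, as an added example (not code from @grpc/grpc-js): a frame reader that rejects an oversized message from its 5-byte length prefix before the body is buffered, and caps decompressed output with Node's zlib `maxOutputLength` option. `BoundedFrameReader`, `MessageTooLarge` and `frame` are hypothetical names, gzip is assumed as the message encoding, and the sample frames are constructed.

```javascript
const zlib = require('node:zlib');
// Hypothetical error type for this example; not a grpc-js class.
class MessageTooLarge extends Error {
  constructor(stage, limit) {
    super(`${stage} size exceeds limit of ${limit} bytes`);
    this.stage = stage; // 'wire' or 'decompressed'
  }
}

// gRPC frame: 1-byte compressed flag, 4-byte big-endian length, then the payload.
class BoundedFrameReader {
  constructor(maxReceiveLength) {
    this.max = maxReceiveLength;
    this.pending = Buffer.alloc(0);
  }
  // Feed one transport chunk; returns the messages completed by it.
  push(chunk) {
    this.pending = Buffer.concat([this.pending, chunk]);
    const messages = [];
    while (this.pending.length >= 5) {
      const compressed = this.pending[0] === 1;
      const length = this.pending.readUInt32BE(1);
      // Path 1: decide from the header alone, before the body is buffered.
      if (length > this.max) throw new MessageTooLarge('wire', this.max);
      if (this.pending.length < 5 + length) break; // body not complete yet
      const body = this.pending.subarray(5, 5 + length);
      this.pending = this.pending.subarray(5 + length);
      messages.push(compressed ? this.inflate(body) : body);
    }
    return messages;
  }
  // Path 2: cap the decompressor's output (gzip assumed) instead of measuring it afterwards.
  inflate(body) {
    try {
      return zlib.gunzipSync(body, { maxOutputLength: this.max });
    } catch (err) {
      if (err.code !== 'ERR_BUFFER_TOO_LARGE') throw err;
      throw new MessageTooLarge('decompressed', this.max);
    }
  }
}

// Constructed sample input: wraps a payload in one frame.
function frame(payload, compress = false) {
  const body = compress ? zlib.gzipSync(payload) : payload;
  const header = Buffer.from([compress ? 1 : 0, 0, 0, 0, 0]);
  header.writeUInt32BE(body.length, 1);
  return Buffer.concat([header, body]);
}
```

After either error the caller should stop reading from that stream, since the reader's pending buffer still holds the rejected frame.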
References
Advisory Timeline
- Published