
Memory Allocation with Excessive Size Value

CVE-2024-37168

Severity Medium
Score 5.3/10

Summary

@grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. In @grpc/grpc-js versions through 1.8.21, 1.9.0 through 1.9.14, and 1.10.0 through 1.10.8, there are two separate code paths in which memory can be allocated per message in excess of the "grpc.max_receive_message_length" channel option:

  • If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded.
  • If an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • LOW

CWE-789 - Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
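
The two code paths from the summary, as an added example that is not code from @grpc/grpc-js or from this advisory: a decoder for gRPC's length-prefixed framing (1-byte compressed flag, 4-byte big-endian length) that rejects on the declared wire size before holding the payload and caps decompressed output. The names `BoundedMessageDecoder`, `limitError` and `frame` are hypothetical, and gzip is assumed as the message encoding.

```javascript
const zlib = require('zlib');
const HEADER_LEN = 5; // 1-byte compressed flag + 4-byte big-endian payload length

function limitError(what, max) {
  const err = new Error(`${what} exceeds max receive length ${max}`);
  err.code = 'RESOURCE_EXHAUSTED'; // gRPC status name, used here as a plain tag
  return err;
}

class BoundedMessageDecoder {
  constructor(maxReceiveLength) {
    this.max = maxReceiveLength;
    this.pending = Buffer.alloc(0);
  }

  // Feed one chunk from the wire; returns the complete messages it finishes.
  write(chunk) {
    const messages = [];
    let buf = Buffer.concat([this.pending, chunk]);
    while (buf.length >= HEADER_LEN) {
      const declared = buf.readUInt32BE(1);
      // Path 1: reject on the declared size once the header is readable.
      if (declared > this.max) throw limitError(`wire size ${declared}`, this.max);
      if (buf.length < HEADER_LEN + declared) break; // wait for more bytes
      const payload = buf.subarray(HEADER_LEN, HEADER_LEN + declared);
      messages.push(buf[0] === 1 ? this.inflate(payload) : Buffer.from(payload));
      buf = buf.subarray(HEADER_LEN + declared);
    }
    this.pending = buf;
    return messages;
  }

  // Path 2: cap the decompressed size; zlib stops once output passes the limit.
  inflate(payload) {
    try {
      return zlib.gunzipSync(payload, { maxOutputLength: this.max });
    } catch (err) {
      if (err.code === 'ERR_BUFFER_TOO_LARGE') throw limitError('decompressed size', this.max);
      throw err;
    }
  }
}

// Constructed sample input: frame a payload the way the decoder expects.
function frame(payload, compressed) {
  const header = Buffer.from([compressed ? 1 : 0, 0, 0, 0, 0]);
  header.writeUInt32BE(payload.length, 1);
  return Buffer.concat([header, payload]);
}
```

A caller would treat either thrown error as fatal for the stream and stop reading from it, since the decoder does not resynchronize after a rejected frame.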
