Dgquintas

**Name of the Vulnerable Software and Affected Versions** Google gRPC versions prior to 2017-03-29 **Description** The issue is caused by a heap-based use-after-free related to the `grpc call destroy` function in core/lib/surface/call.c, resulting in an out-of-bounds write. **Recommendations** For Google gRPC versions prior to 2017-03-29, update to a version released after 2017-03-29 to resolve the issue. As a temporary workaround, consider restricting access to the `grpc call destroy` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google gRPC before 2017-02-22 **Description** The issue is related to an out-of-bounds write in the `gpr free` function in `core/lib/support/alloc.c`. This can lead to memory corruption and potentially allow a remote attacker to execute arbitrary code on the target system using a specially crafted file. **Recommendations** For Google gRPC versions before 2017-02-22, update to a version released after 2017-02-22 to resolve the issue. As a temporary workaround, consider restricting access to the `gpr free` function in `core/lib/support/alloc.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google gRPC versions prior to 2017-02-22 **Description** The issue is related to an out-of-bounds write caused by a heap-based buffer overflow in the parse unix function in core/ext/client channel/parse address.c. This can lead to memory corruption and potentially allow a remote attacker to execute arbitrary code in the system. **Recommendations** For Google gRPC versions prior to 2017-02-22, update to a version released after 2017-02-22 to resolve the issue. As a temporary workaround, consider restricting access to the parse unix function until a patch is available.