PT-2024-16964 · Google +2 · Grpc-C++ +2

Vignesh2208 · Published 2024-11-26 · Updated 2025-07-23 · CVE-2024-11407

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

gRPC-C++ versions prior to commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791

Description

The issue is related to a denial of service through data corruption in gRPC-C++. Servers with transmit zero copy enabled through the channel argument GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network, thus leading the receiver to receive an incorrect set of bytes, causing RPC requests to fail.

Recommendations

For gRPC-C++ versions prior to commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791, we recommend upgrading past this commit to resolve the issue. As a temporary workaround, consider disabling the transmit zero copy feature by setting GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED to 0 until a patch is available. Restrict access to the GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED channel argument to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

AZL-53456
CVE-2024-11407
ECHO-F4E8-DDE8-D71E
OESA-2024-2573
OPENSUSE-SU-2024_4393-1
OPENSUSE-SU-2024_4400-1
OPENSUSE-SU-2024_4401-1
OPENSUSE-SU-2024_4428-1
OPENSUSE-SU-2024_4429-1
OPENSUSE-SU-2024_4436-1
OPENSUSE-SU-2025:15031-1
RHSA-2025:0340
RHSA-2025:1019
SUSE-SU-2024:4393-1
SUSE-SU-2024:4400-1
SUSE-SU-2024:4401-1
SUSE-SU-2024:4428-1
SUSE-SU-2024:4429-1
SUSE-SU-2024:4436-1
SUSE-SU-2024_4393-1
SUSE-SU-2024_4400-1
SUSE-SU-2024_4401-1
SUSE-SU-2024_4428-1
SUSE-SU-2024_4429-1
SUSE-SU-2024_4436-1

Affected Products

Debian
Suse
Grpc-C++