{"id":"PYSEC-2017-101","details":"Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.","aliases":["CVE-2017-8359"],"modified":"2023-11-08T03:59:27.803334Z","published":"2017-04-30T17:59:00Z","references":[{"type":"WEB","url":"https://github.com/grpc/grpc/pull/10353"},{"type":"FIX","url":"https://github.com/grpc/grpc/commit/6544a2d5d9ecdb64214da1d228886a7d15bbf5c7"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=726"},{"type":"WEB","url":"http://www.securityfocus.com/bid/98280"},{"type":"PACKAGE","url":"https://pypi.org/project/grpcio"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8359"}],"affected":[{"package":{"name":"grpcio","ecosystem":"PyPI","purl":"pkg:pypi/grpcio"},"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc","events":[{"introduced":"0"},{"fixed":"6544a2d5d9ecdb64214da1d228886a7d15bbf5c7"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0"}]}],"versions":["0.10.0a0","0.11.0b0","0.11.0b1","0.12.0b0","0.12.0b8","0.13.0","0.13.1","0.13.1rc1","0.14.0","0.14.0rc1","0.15.0","0.3.0","0.4.0","0.4.0a0","0.4.0a1","0.4.0a13","0.4.0a14","0.4.0a2","0.4.0a3","0.4.0a4","0.4.0a5","0.4.0a6","0.4.0a7","0.4.0a8","0.5.0a0","0.5.0a1","0.5.0a2","0.9.0a0","0.9.0a1","1.0.0","1.0.0rc1","1.0.0rc2","1.0.1","1.0.1rc1","1.0.2","1.0.3","1.0.4","1.1.0","1.1.3","1.2.0","1.2.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/grpcio/PYSEC-2017-101.yaml"}}],"schema_version":"1.7.3"}