CVE-2024-11407: Denial of Service through Data corruption in gRPC-C++
Published Nov 26, 2024
·Updated
Denial of Service through Data corruption in gRPC-C++
Affected Software
4 affected componentsFixes available
gRPC gRPC-C++>e9046b2bbebc0cb7f5dc42008f807
gRPC gRPC>=1.60.0<1.66.1
Microsoft azl3 grpc 1.62.3-1
Microsoft azl3 grpc 1.62.0-4
Remediation
Event History
Nov 26, 2024
CVE Published
via MITRE·04:59 PM
Data Sourced
via MITRE·04:59 PM
DescriptionWeakness
Data Sourced
via NVD·05:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Data Sourced
via Red Hat·06:01 PM
DescriptionSeverityAffected Software
Sep 4, 2025
Data Sourced
via Microsoft·04:47 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·04:47 AM
Affected Software
Updated
via Microsoft·04:47 AM
Affected Software
Updated
via Microsoft·04:47 AM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2024-11407?
CVE-2024-11407 has been classified as a denial of service vulnerability due to potential data corruption in gRPC-C++.
2
How do I fix CVE-2024-11407?
To fix CVE-2024-11407, you should update to the latest version of gRPC-C++ that addresses this vulnerability.
3
What versions of gRPC-C++ are affected by CVE-2024-11407?
CVE-2024-11407 affects gRPC-C++ versions prior to the commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791.
4
What is the impact of CVE-2024-11407 on gRPC-C++ applications?
The impact of CVE-2024-11407 includes potential data corruption and denial of service in gRPC-C++ applications with transmit zero copy enabled.
5
Is there a workaround for CVE-2024-11407?
Currently, the recommended action for CVE-2024-11407 is to apply the latest updates, as there are no known effective workarounds.