{"id":"CVE-2017-8359","details":"Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.","aliases":["PYSEC-2017-101"],"modified":"2026-05-18T11:32:30.431123Z","published":"2017-04-30T17:59:00.997Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98280"},{"type":"FIX","url":"https://github.com/grpc/grpc/pull/10353"},{"type":"EVIDENCE","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=726"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc","events":[{"introduced":"0"},{"last_affected":"c25267fd7dc3d549ef8aace4909c95eac9b0cca9"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.2.1"}],"cpe":"cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"}}],"versions":["v1.2.1","v1.2.0","v1.2.0-pre2","release-0_9_1-objectivec-0.5.1","release-0_9_0","release-0_6_0","release-0_6","release_test"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8359.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc-go","events":[{"introduced":"0"},{"last_affected":"8050b9cbc271307e5a716a9d782803d09b0d6f2d"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.2.1"}],"cpe":"cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"}}],"versions":["v1.2.1","v1.2.0","v1.0.5","v1.0.4","v1.0.3","v1.0.2","v1.0.1-GA","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8359.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc-kotlin","events":[{"introduced":"0"},{"last_affected":"5fb5efffb108d71e711ae92548c32c69b6439eff"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.2.1"}],"cpe":"cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"}}],"versions":["v1.2.1","v1.2.0","v1.1.0","v1.0.0","v0.2.1","v0.2.0","v0.1.5","v0.1.4","v0.1.3","v0.1.2","v0.1.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8359.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc-node","events":[{"introduced":"0"},{"last_affected":"98376f0ac604da54957d545abe4bb01b5255b73d"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.2.1"}],"cpe":"cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"}}],"versions":["@grpc/grpc-js-xds@1.2.1","@grpc/grpc-js-xds@1.2.0","@grpc/grpc-js@1.2.5","@grpc/grpc-js@1.2.4","@grpc/grpc-js@1.2.3","@grpc/grpc-js@1.2.0","@grpc/grpc-js@1.1.6","@grpc/grpc-js@1.1.4","@grpc/grpc-js@1.1.3","grpc-tools@1.9.1","@grpc/grpc-js@1.1.2","@grpc/grpc-js@1.1.0","grpc@1.24.3","@grpc/grpc-js@1.0.5","@grpc/grpc-js@1.0.2","grpc-tools@1.9.0","@grpc/grpc-js@1.0.4","@grpc/grpc-js@1.0.3","@grpc/grpc-js@1.0.0","@grpc/grpc-js@0.7.9","@grpc/grpc-js@0.8.1","@grpc/grpc-js@0.8.0","@grpc/grpc-js@0.7.6","@grpc/grpc-js@0.7.5","@grpc/proto-loader@0.5.4","@grpc/grpc-js@0.7.2","@grpc/grpc-js@0.7.1","@grpc/grpc-js@0.7.0","@grpc/grpc-js@0.6.18","@grpc/grpc-js@0.6.12","@grpc/grpc-js@0.6.5","grpc@1.23.4","@grpc/grpc-js@0.6.4","@grpc/grpc-js@0.6.3","@grpc/grpc-js@0.6.2","@grpc/grpc-js@0.6.1","@grpc/grpc-js@0.6.0","@grpc/grpc-js@0.5.3","@grpc/proto-loader@0.5.2","@grpc/grpc-js@0.5.0","@grpc/grpc-js@0.5.2","@grpc/grpc-js@0.5.1","grpc-tools@1.8.0","@grpc/grpc-js@0.4.3","@grpc/grpc-js@0.4.2","@grpc/proto-loader@0.5.1","@grpc/grpc-js@0.4.0","@grpc/proto-loader@0.5.0","grpc-tools@1.7.2","@grpc/grpc-js@0.3.6","grpc-tools@1.7.0","@grpc/proto-loader@0.4.0","@grpc/grpc-js@0.3.4","@grpc/grpc-js@0.3.3","@grpc/grpc-js@0.3.1","@grpc/grpc-js@0.3.0","@grpc/proto-loader@0.3.0","@grpc/grpc-js@0.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8359.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/grpc/grpc-web","events":[{"introduced":"0"},{"last_affected":"3d921fffb7ce29f03329e411711d0751328c761a"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.2.1"}],"cpe":"cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*"}}],"versions":["1.2.1","1.2.0","1.1.0","1.1.0-rc.1","1.0.7","1.0.6","1.0.5","1.0.4","1.0.3","1.0.2","1.0.1","1.0.0","0.4.0","0.3.0","0.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8359.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}