Hi,

Below please find the details of the vulnerability with an open PR - https://github.com/grpc/grpc/pull/19766 found by our system architect – Lev Pachmanov (CC’d).

The problem is in src/core/lib/iomgr/tcp_server_custom.cc: tcp_server_add_port

When the initialization of the socket object fails:

    grpc_custom_socket_vtable->init(socket, family);

The error value is not checked, causing reference to an invalid pointer later in add_socket_to_server.

We encountered this scenario running on a platform where getaddrinfo returns an IPv6 address while socket(AF_INET6, …) returns EAFNOSUPPORT.

This vulnerability might be exploited using common null pointer dereferences <https://cwe.mitre.org/data/definitions/476.html>.

Hope this helps.

Uri + Lev

From: "jiangtao via grpc.io" <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Wednesday, August 21, 2019 at 7:50 PM
To: "grpc.io" <[email protected]>
Subject: [grpc-io] Re: Report vulnerability

Thank you very much for keeping us in the loop.

Could you please email detailed vulnerabilities to the private [email protected] list? Production security engineers will evaluate the vulnerability within 3 workdays. gRPC CVE process can be found in https://github.com/grpc/proposal/blob/master/P4-grpc-cve-process.md

Thanks,
Jiangtao

On Wednesday, August 21, 2019 at 3:18:58 AM UTC-7, [email protected] wrote:

Hi,

Our team has recently discovered a Null Pointer Dereference security vulnerability in gRPC. How do we disclose it and open a CVE?

Thanks!

--
You received this message because you are subscribed to a topic in the Google Groups "grpc.io" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/grpc-io/xAzkJAWBkmc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/e43d36ab-5a99-46bc-b654-a24ea984a6a8%40googlegroups.com.
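The unchecked-init pattern described in the report above, as an added example that is not part of the original thread and is not gRPC source code. It is a simplified C model in which every name (model_socket, model_vtable, init_no_ipv6, add_port_unchecked, add_port_checked, invalid_listeners) is hypothetical; it shows the half-initialized socket that gets registered when the init result is dropped, next to the version that checks it.

```c
/* Added illustration: a simplified model, not gRPC source. All names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>

#define MAX_LISTENERS 4
typedef struct { void *impl; } model_socket;   /* impl is set only by a successful init */
typedef struct { int (*init)(model_socket *s, int family); } model_vtable;
typedef struct { model_socket *listeners[MAX_LISTENERS]; size_t count; } model_server;

/* Constructed platform: addresses resolve to IPv6, but IPv6 sockets are unsupported. */
static int init_no_ipv6(model_socket *s, int family) {
  static int backing;
  if (family == AF_INET6) return EAFNOSUPPORT;  /* s->impl stays NULL */
  s->impl = &backing;
  return 0;
}
/* Unchecked pattern: init's result is dropped and the socket is registered anyway. */
static int add_port_unchecked(model_server *srv, const model_vtable *vt, int family) {
  model_socket *s = calloc(1, sizeof *s);
  if (s == NULL) return ENOMEM;
  if (srv->count == MAX_LISTENERS) { free(s); return ENOSPC; }
  (void)vt->init(s, family);
  srv->listeners[srv->count++] = s;
  return 0;
}
/* Checked pattern: a failed init releases the socket and propagates the error. */
static int add_port_checked(model_server *srv, const model_vtable *vt, int family) {
  model_socket *s = calloc(1, sizeof *s);
  if (s == NULL) return ENOMEM;
  if (srv->count == MAX_LISTENERS) { free(s); return ENOSPC; }
  int err = vt->init(s, family);
  if (err != 0) { free(s); return err; }
  srv->listeners[srv->count++] = s;
  return 0;
}
/* Counts registered sockets that later code would dereference through a NULL impl. */
static size_t invalid_listeners(const model_server *srv) {
  size_t n = 0;
  for (size_t i = 0; i < srv->count; i++) n += (srv->listeners[i]->impl == NULL);
  return n;
}

int main(void) {
  model_vtable vt = { init_no_ipv6 };
  model_server a = { {0}, 0 }, b = { {0}, 0 };
  printf("unchecked rc=%d\n", add_port_unchecked(&a, &vt, AF_INET6));
  printf("checked rc=%d\n", add_port_checked(&b, &vt, AF_INET6));
  printf("invalid listeners: %zu vs %zu\n", invalid_listeners(&a), invalid_listeners(&b));
}
```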
