>From https://github.com/c-ares/c-ares/issues/496, it looks like ares_set_sortlist used to have a security issue but gRPC Core which gRPC C# is using doesn't call this function. Thus, gRPC is not affected by this issue.
On Wednesday, November 22, 2023 at 9:56:48 AM UTC-8 Sebas Mendez wrote: > Hi gRPC Team! > > I see the C# version in maintenance mode (v1.46.x) uses version 1.17.2, > which is impacted by CVE-2022-4904 (fixed in version 1.19). > Are there plans to upgrade the version included in gRPC? Or is it not > impacted by the c-ares vulnerability? > > - sebas > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/c242d626-a6fd-4da6-8b3a-4585884745a8n%40googlegroups.com.