python3-grpcio-tools: set status for CVE-2024-11407

Analysis:
- CVE-2024-11407 [1] affects gRPC-C++ servers with transmit zero copy enabled.
- The upstream fix modifies gRPC core runtime source
  src/core/lib/event_engine/posix_engine/posix_endpoint.cc [2].
- python3-grpcio-tools does not include or compile this runtime source.
- Hence CVE-2024-11407 is not applicable to python3-grpcio-tools.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-11407
[2] https://github.com/grpc/grpc/commit/e9046b2bbebc0cb7f5dc42008f807f6c7e98e791

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Sudhir Dumbhare
2026-06-04 07:39:09 -07:00
committed by Anuj Mittal
parent 90446e0fd3
commit 0cbca3f031
@@ -26,3 +26,4 @@ CVE_PRODUCT += "grpc:grpc"
CVE_STATUS[CVE-2026-33186] = "cpe-incorrect: this CVE is for golang version of grpc"
CVE_STATUS[CVE-2024-7246] = "not-applicable-config: the vulnerable gRPC C-core HPACK parser code is not present in grpcio-tools"
CVE_STATUS[CVE-2024-11407] = "not-applicable-config: CVE affects gRPC C++ server zero-copy transport code, which is not present in grpcio-tools"
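Review bot: The reason string on the added CVE_STATUS[CVE-2024-11407] line asserts that the zero-copy transport code "is not present in grpcio-tools", but the recipe records neither how that was checked nor for which version. CVE_STATUS is not tied to a version, so the entry will keep suppressing this CVE after a recipe upgrade even if a later source archive starts carrying the affected file. Suggest adding a comment above the entry that names the file changed by the upstream fix (src/core/lib/event_engine/posix_engine/posix_endpoint.cc, per the commit message) and the fix commit, so the claim can be re-verified against the unpacked source on each version bump.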