mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-17 06:50:07 +00:00
Code Issues Projects Releases Wiki Activity

python3-grpcio-tools: set status for CVE-2024-7246

Browse Source 
Analysis:
- CVE-2024-7246 [4] affects gRPC-C++ CHTTP2 HPACK parser error handling.
- The upstream fix from v1.62.3 [1] modifies gRPC core runtime source
  src/core/ext/transport/chttp2/transport/hpack_parser.cc.
  aligned with the original fix in v1.60.2 [2] as referenced in [3].
- python3-grpcio-tools does not include or compile this runtime source.
- Hence CVE-2024-7246 is not applicable to python3-grpcio-tools.

[1] https://github.com/grpc/grpc/commit/1d172cfca56440889ca32ae516b8c2767321f5b5
[2] https://github.com/grpc/grpc/commit/88b1244fd43e81860baa60cc7fb3945a2cca0d11
[3] https://bugzilla.suse.com/show_bug.cgi?id=1228919
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-7246

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Sudhir Dumbhare
2026-06-04 07:39:07 -07:00
committed by Anuj Mittal
parent 483bf9ea00
commit 90446e0fd3
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-python/recipes-devtools/python/python3-grpcio-tools_1.62.2.bb
+1
View File
@@ -25,3 +25,4 @@ BBCLASSEXTEND = "native nativesdk"
CVE_PRODUCT += "grpc:grpc"
CVE_STATUS[CVE-2026-33186] = "cpe-incorrect: this CVE is for golang version of grpc"
CVE_STATUS[CVE-2024-7246] = "not-applicable-config: the vulnerable gRPC C-core HPACK parser code is not present in grpcio-tools"