Whilst the code was certainly in the build, the experiment enabling it was disabled in 1.59 - so without extra effort to enable said experiment that version is safe.

On Fri, Jan 17, 2025 at 1:27 PM 'Erin McNulty' via grpc.io <grpc-io@googlegroups.com> wrote:

> Hi all,
>
> The record for CVE-2024-11407 <https://www.cve.org/CVERecord?id=CVE-2024-11407> states that gRPC versions 1.60.0 through 1.66.1 are affected by this vulnerability, but it appears that the affected code appears on v1.59.x as well (link <https://github.com/grpc/grpc/blob/b22b8e6c8855f958afda436d9f1def216085d505/src/core/lib/event_engine/posix_engine/posix_endpoint.cc#L242>).
>
> Is the record for the CVE incomplete? Or is there another factor that makes v1.59.x safe from this CVE?
>
> Thanks,
> - Erin McNulty