CVE-2024-25629

140 views
Skip to first unread message

Aleksander Sajber

unread,
Feb 25, 2025, 9:55:49 AMFeb 25
to grpc.io
Hello,
gRPC is currently using a vulnerable version of c-ares (1.19.1), as noted in CVE-2024-25629.
  1. Is gRPC affected by CVE-2024-25629?
  2.  Is there a plan to upgrade c-ares?
    Regards,
    Aleksander Sajber

Aleksander Sajber

unread,
Apr 14, 2025, 2:42:06 AMApr 14
to grpc.io
Hi,
Is there any update on this matter?

Regards,
Aleksander

veb...@google.com

unread,
May 15, 2025, 4:45:33 PMMay 15
to grpc.io
Hi,

Our assessment indicates that gRPC is not affected by this vulnerability; therefore, an immediate upgrade is not planned for this purpose.

Regards,
Esun.

Reply all
Reply to author
Forward
0 new messages