x/vulndb: potential Go vuln in github.com/grpc/grpc: CVE-2017-7861

[tatianab]

CVE-2017-7861 references github.com/grpc/grpc, which may be a Go module.

Description:
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2017-7861
• web: http://www.securityfocus.com/bid/97694
• report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=655
• fix: Fixed Heap-buffer-overflow in parse_unix via clusterfuzz grpc/grpc#9833
• Imported by: https://pkg.go.dev/github.com/grpc/grpc?tab=importedby

Cross references:

• Module github.com/grpc/grpc appears in issue x/vulndb: potential Go vuln in github.com/grpc/grpc: CVE-2023-32731 #1847 NOT_GO_CODE
• Module github.com/grpc/grpc appears in issue x/vulndb: potential Go vuln in github.com/grpc/grpc: CVE-2023-32732 #1848 NOT_GO_CODE
• Module github.com/grpc/grpc appears in issue x/vulndb: potential Go vuln in github.com/grpc/grpc: CVE-2023-4785 #2062 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/grpc/grpc
      vulnerable_at: 1.59.2
      packages:
        - package: n/a
cves:
    - CVE-2017-7861
references:
    - web: http://www.securityfocus.com/bid/97694
    - report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=655
    - fix: https://github.com/grpc/grpc/pull/9833

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports