Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2024-11407

Incorrect Calculation

Published: Nov 26, 2024 | Modified: Jul 23, 2025
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-11407
CWEhttps://cwe.mitre.org/data/definitions/682.html

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

NameVendorStart VersionEnd Version
GrpcGrpc1.60.0 (including)1.66.1 (excluding)
Red Hat Ansible Automation Platform 2.4 for RHEL 8RedHatansible-automation-platform-24/lightspeed-rhel8-operator:2.4-33*
Red Hat Ansible Automation Platform 2.5 for RHEL 8RedHatautomation-controller-0:4.6.6-1.el8ap*
Red Hat Ansible Automation Platform 2.5 for RHEL 8RedHatansible-automation-platform-25/lightspeed-rhel8:2.5.250107-1*
Red Hat Ansible Automation Platform 2.5 for RHEL 9RedHatautomation-controller-0:4.6.6-1.el9ap*
Red Hat Satellite 6.16 for RHEL 8RedHatpython-grpcio-0:1.68.1-1.el8pc*
Red Hat Satellite 6.16 for RHEL 8RedHatpython-grpcio-0:1.68.1-1.el8pc*
Red Hat Satellite 6.16 for RHEL 9RedHatpython-grpcio-0:1.68.1-1.el9pc*
Red Hat Satellite 6.16 for RHEL 9RedHatpython-grpcio-0:1.68.1-1.el9pc*
GrpcUbuntufocal*
GrpcUbuntuoracular*
GrpcUbuntuplucky*

Potential Mitigations

  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use