Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/dm-reverb@0.14.0

Type pypi

Namespace

Name dm-reverb

Version 0.14.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-wdnx-443a-rbe9

vulnerability_id

VCID-wdnx-443a-rbe9

summary

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance. Afterwards, Reverb copies the content in tensor_content to the previously mentioned pre-allocated memory, which results in the bytes in tensor_content overwriting the vtable pointers of all the objects which were previously allocated. Reverb exposes 2 relevant gRPC endpoints: InsertStream and SampleStream. The attacker can insert this stream into the server’s database, then when the client next calls SampleStream they will unpack the tensor into RAM, and when any method on that object is called (including its destructor) the attacker gains control of the Program Counter. We recommend upgrading past git commit https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8375

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.0997
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8375

reference_url

https://github.com/google-deepmind/reverb

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/google-deepmind/reverb

reference_url

https://github.com/google-deepmind/reverb/issues/141

reference_id

141

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:02:31Z/

url

https://github.com/google-deepmind/reverb/issues/141

reference_url

https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25

reference_id

6a0dcf4c9e842b7f999912f792aaa6f6bd261a25

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:02:31Z/

url

https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-8375

reference_id

CVE-2024-8375

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

value	5.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-8375

reference_url

https://github.com/advisories/GHSA-w69q-w4h4-2fx8

reference_id

GHSA-w69q-w4h4-2fx8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w69q-w4h4-2fx8

fixed_packages

aliases

CVE-2024-8375, GHSA-w69q-w4h4-2fx8

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-wdnx-443a-rbe9

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/dm-reverb@0.14.0

Package Instance