grpc is vulnerable to Use After Free
59
Medium Risk
The Ruby grpc gem bundles gRPC Core, which maintains a global map of GrpcXdsClient instances keyed by pointers into each client object. When an entry's refcount reaches zero and a replacement client is created for the same key, updating the map could leave the key pointing at freed memory and trigger a use-after-free crash. Concurrent channel creation and teardown in xDS-enabled applications can hit this race and terminate the process. The fix removes zero-refcount entries before inserting a new client and adds regression tests for the stale-key lifetime bug.
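The lifetime rule behind that fix can be shown in a few dozen lines. The following is an added example written for this entry, not gRPC Core's code: `ToyXdsClient`, `ClientRegistry` and the `xds:///target-A` key are invented stand-ins. The registry keeps a map whose keys are views into each client's own key buffer, the coupling the advisory describes, and it never lets a map key outlive the object it points into: released entries keep owning their client until a replacement is inserted, and a zero-refcount entry is erased before the replacement goes in. `KeysPointIntoOwners` is the kind of invariant check a regression test for the stale-key bug would assert.

```cpp
#include <cassert>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <string_view>
#include <utility>

// Invented stand-in for the real client. The registry's map key is a
// string_view into this object's `key` buffer, so key and object share
// a lifetime.
struct ToyXdsClient {
  explicit ToyXdsClient(std::string k) : key(std::move(k)) {}
  std::string key;
  int refcount = 0;
};

class ClientRegistry {
 public:
  // Hands out a live client for `key`, creating a replacement when the
  // existing entry has already been fully released (refcount == 0).
  ToyXdsClient* GetOrCreate(std::string_view key) {
    std::lock_guard<std::mutex> lock(mu_);
    auto it = clients_.find(key);
    if (it != clients_.end()) {
      if (it->second->refcount > 0) {
        ++it->second->refcount;
        return it->second.get();
      }
      // Fix pattern from the advisory: erase the zero-refcount entry
      // before inserting the replacement. The node's key is a view into
      // the old client, so node and client go away together here instead
      // of the key lingering after the client is freed.
      clients_.erase(it);
    }
    auto fresh = std::make_unique<ToyXdsClient>(std::string(key));
    fresh->refcount = 1;
    ToyXdsClient* raw = fresh.get();
    std::string_view owned_key = raw->key;  // view into the NEW object
    clients_.emplace(owned_key, std::move(fresh));
    return raw;
  }

  // Drops one reference. The entry keeps owning the client at refcount 0
  // until GetOrCreate replaces it or Sweep removes it, so the key view
  // never dangles.
  void Release(ToyXdsClient* client) {
    std::lock_guard<std::mutex> lock(mu_);
    auto it = clients_.find(client->key);
    if (it != clients_.end() && it->second.get() == client &&
        it->second->refcount > 0) {
      --it->second->refcount;
    }
  }

  // Removes every released entry; returns how many were dropped.
  size_t Sweep() {
    std::lock_guard<std::mutex> lock(mu_);
    size_t dropped = 0;
    for (auto it = clients_.begin(); it != clients_.end();) {
      if (it->second->refcount == 0) {
        it = clients_.erase(it);
        ++dropped;
      } else {
        ++it;
      }
    }
    return dropped;
  }

  // Regression-style invariant: every map key must point into the key
  // buffer of the client stored under it (no stale keys).
  bool KeysPointIntoOwners() const {
    std::lock_guard<std::mutex> lock(mu_);
    for (const auto& [key, client] : clients_) {
      if (key.data() != client->key.data() ||
          key.size() != client->key.size()) {
        return false;
      }
    }
    return true;
  }

  size_t size() const {
    std::lock_guard<std::mutex> lock(mu_);
    return clients_.size();
  }

 private:
  mutable std::mutex mu_;
  std::map<std::string_view, std::unique_ptr<ToyXdsClient>> clients_;
};

// The advisory's scenario: create, release to zero, then create a
// replacement for the same key. True when exactly one live entry remains
// and its key still points into a live client.
bool ReplaceAfterReleaseIsSafe() {
  ClientRegistry reg;
  ToyXdsClient* first = reg.GetOrCreate("xds:///target-A");
  reg.Release(first);  // refcount -> 0, entry still owns the client
  ToyXdsClient* second = reg.GetOrCreate("xds:///target-A");
  bool ok = reg.size() == 1 && second->refcount == 1 &&
            reg.KeysPointIntoOwners();
  reg.Release(second);
  return ok && reg.Sweep() == 1 && reg.size() == 0;
}

// Normal shared use: two lookups for one key share one client.
bool SharedLookupReturnsSameClient() {
  ClientRegistry reg;
  ToyXdsClient* a = reg.GetOrCreate("xds:///target-A");
  ToyXdsClient* b = reg.GetOrCreate("xds:///target-A");
  return a == b && a->refcount == 2 && reg.size() == 1 &&
         reg.KeysPointIntoOwners();
}
```

The essential ordering is inside `GetOrCreate`: the stale node is erased, destroying its key view and the client it points into in one step, and only then is a node keyed into the new client's buffer inserted. Tying ownership of the client to the map entry is what makes `KeysPointIntoOwners` a meaningful check rather than a read of possibly freed memory.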
You are affected if you are using a version that falls within the vulnerable range and your application uses gRPC xDS client features where channels may be created and torn down concurrently.
grpc is vulnerable to Use After Free in versions 1.81.0 - 1.81.0.
Upgrade the grpc library to the patched version.