{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "dm-reverb-nightly",
"purl": "pkg:pypi/dm-reverb-nightly"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.15.0.dev20240214"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.11.0.dev20221208",
"0.11.0.dev20221209",
"0.11.0.dev20221210",
"0.11.0.dev20221211",
"0.11.0.dev20221212",
"0.11.0.dev20221213",
"0.11.0.dev20221214",
"0.11.0.dev20221215",
"0.11.0.dev20221216",
"0.11.0.dev20221217",
"0.11.0.dev20221218",
"0.11.0.dev20221220",
"0.11.0.dev20221221",
"0.11.0.dev20221222",
"0.11.0.dev20221223",
"0.11.0.dev20221224",
"0.11.0.dev20221225",
"0.11.0.dev20221226",
"0.11.0.dev20221227",
"0.11.0.dev20221228",
"0.11.0.dev20221229",
"0.11.0.dev20221230",
"0.11.0.dev20221231",
"0.11.0.dev20230101",
"0.11.0.dev20230102",
"0.11.0.dev20230103",
"0.11.0.dev20230104",
"0.11.0.dev20230105",
"0.11.0.dev20230106",
"0.11.0.dev20230107",
"0.11.0.dev20230108",
"0.11.0.dev20230109",
"0.11.0.dev20230111",
"0.11.0.dev20230112",
"0.11.0.dev20230113",
"0.11.0.dev20230114",
"0.11.0.dev20230115",
"0.11.0.dev20230116",
"0.11.0.dev20230117",
"0.11.0.dev20230118",
"0.11.0.dev20230119",
"0.11.0.dev20230120",
"0.11.0.dev20230121",
"0.11.0.dev20230122",
"0.11.0.dev20230123",
"0.11.0.dev20230124",
"0.11.0.dev20230125",
"0.11.0.dev20230126",
"0.11.0.dev20230127",
"0.11.0.dev20230128",
"0.11.0.dev20230129",
"0.11.0.dev20230202",
"0.11.0.dev20230203",
"0.11.0.dev20230204",
"0.11.0.dev20230205",
"0.11.0.dev20230206",
"0.11.0.dev20230207",
"0.11.0.dev20230208",
"0.11.0.dev20230209",
"0.11.0.dev20230210",
"0.11.0.dev20230211",
"0.11.0.dev20230212",
"0.11.0.dev20230213",
"0.11.0.dev20230214",
"0.11.0.dev20230215",
"0.11.0.dev20230218",
"0.11.0.dev20230219",
"0.11.0.dev20230220",
"0.11.0.dev20230221",
"0.11.0.dev20230222",
"0.11.0.dev20230223",
"0.11.0.dev20230224",
"0.11.0.dev20230225",
"0.11.0.dev20230226",
"0.11.0.dev20230227",
"0.11.0.dev20230228",
"0.11.0.dev20230301",
"0.11.0.dev20230302",
"0.11.0.dev20230303",
"0.11.0.dev20230304",
"0.11.0.dev20230305",
"0.11.0.dev20230306",
"0.11.0.dev20230307",
"0.11.0.dev20230308",
"0.11.0.dev20230309",
"0.11.0.dev20230310",
"0.11.0.dev20230311",
"0.11.0.dev20230314",
"0.11.0.dev20230315",
"0.11.0.dev20230316",
"0.11.0.dev20230317",
"0.11.0.dev20230318",
"0.11.0.dev20230319",
"0.11.0.dev20230320",
"0.11.0.dev20230321",
"0.11.0.dev20230322",
"0.11.0.dev20230323",
"0.11.0.dev20230324",
"0.11.0.dev20230325",
"0.11.0.dev20230326",
"0.11.0.dev20230327",
"0.11.0.dev20230328",
"0.11.0.dev20230329",
"0.11.0.dev20230330",
"0.11.0.dev20230331",
"0.11.0.dev20230401",
"0.11.0.dev20230402",
"0.11.0.dev20230403",
"0.11.0.dev20230404",
"0.11.0.dev20230405",
"0.11.0.dev20230406",
"0.11.0.dev20230407",
"0.11.0.dev20230409",
"0.11.0.dev20230410",
"0.11.0.dev20230411",
"0.11.0.dev20230412",
"0.11.0.dev20230413",
"0.11.0.dev20230422",
"0.11.0.dev20230424",
"0.11.0.dev20230429",
"0.11.0.dev20230430",
"0.11.0.dev20230501",
"0.11.0.dev20230502",
"0.11.0.dev20230503",
"0.11.0.dev20230504",
"0.11.0.dev20230505",
"0.11.0.dev20230506",
"0.11.0.dev20230507",
"0.11.0.dev20230508",
"0.11.0.dev20230509",
"0.11.0.dev20230510",
"0.11.0.dev20230511",
"0.11.0.dev20230512",
"0.11.0.dev20230513",
"0.11.0.dev20230514",
"0.11.0.dev20230515",
"0.11.0.dev20230516",
"0.11.0.dev20230517",
"0.11.0.dev20230518",
"0.11.0.dev20230519",
"0.11.0.dev20230520",
"0.11.0.dev20230521",
"0.11.0.dev20230522",
"0.11.0.dev20230523",
"0.11.0.dev20230524",
"0.11.0.dev20230525",
"0.11.0.dev20230526",
"0.11.0.dev20230527",
"0.11.0.dev20230528",
"0.11.0.dev20230529",
"0.11.0.dev20230530",
"0.11.0.dev20230531",
"0.11.0.dev20230601",
"0.11.0.dev20230602",
"0.11.0.dev20230603",
"0.11.0.dev20230604",
"0.11.0.dev20230605",
"0.11.0.dev20230607",
"0.11.0.dev20230608",
"0.11.0.dev20230609",
"0.11.0.dev20230610",
"0.11.0.dev20230611",
"0.11.0.dev20230612",
"0.11.0.dev20230613",
"0.11.0.dev20230614",
"0.11.0.dev20230615",
"0.11.0.dev20230616",
"0.11.0.dev20230617",
"0.11.0.dev20230618",
"0.11.0.dev20230619",
"0.11.0.dev20230620",
"0.11.0.dev20230621",
"0.11.0.dev20230622",
"0.11.0.dev20230623",
"0.11.0.dev20230624",
"0.11.0.dev20230625",
"0.11.0.dev20230626",
"0.11.0.dev20230627",
"0.11.0.dev20230630",
"0.11.0.dev20230701",
"0.11.0.dev20230702",
"0.11.0.dev20230703",
"0.11.0.dev20230704",
"0.11.0.dev20230705",
"0.11.0.dev20230706",
"0.11.0.dev20230707",
"0.11.0.dev20230719",
"0.13.0.dev20230720",
"0.13.0.dev20230721",
"0.13.0.dev20230722",
"0.13.0.dev20230723",
"0.13.0.dev20230724",
"0.13.0.dev20230726",
"0.13.0.dev20230727",
"0.13.0.dev20230728",
"0.13.0.dev20230729",
"0.13.0.dev20230730",
"0.13.0.dev20230731",
"0.13.0.dev20230801",
"0.13.0.dev20230802",
"0.13.0.dev20230803",
"0.13.0.dev20230804",
"0.13.0.dev20230805",
"0.13.0.dev20230806",
"0.13.0.dev20230807",
"0.13.0.dev20230808",
"0.13.0.dev20230809",
"0.13.0.dev20230810",
"0.13.0.dev20230811",
"0.13.0.dev20230812",
"0.13.0.dev20230813",
"0.13.0.dev20230814",
"0.13.0.dev20230815",
"0.13.0.dev20230816",
"0.13.0.dev20230817",
"0.13.0.dev20230819",
"0.13.0.dev20230820",
"0.13.0.dev20230821",
"0.13.0.dev20230822",
"0.13.0.dev20230823",
"0.13.0.dev20230824",
"0.13.0.dev20230825",
"0.13.0.dev20230826",
"0.13.0.dev20230827",
"0.13.0.dev20230828",
"0.13.0.dev20230829",
"0.13.0.dev20230830",
"0.13.0.dev20230831",
"0.13.0.dev20230901",
"0.13.0.dev20230902",
"0.13.0.dev20230903",
"0.13.0.dev20230928",
"0.14.0.dev20231010",
"0.14.0.dev20231011",
"0.14.0.dev20231012",
"0.14.0.dev20231013",
"0.14.0.dev20231014",
"0.14.0.dev20231015",
"0.14.0.dev20231016",
"0.14.0.dev20231017",
"0.14.0.dev20231018",
"0.14.0.dev20231019",
"0.14.0.dev20231020",
"0.14.0.dev20231021",
"0.14.0.dev20231022",
"0.14.0.dev20231023",
"0.14.0.dev20231024",
"0.14.0.dev20231025",
"0.14.0.dev20231026",
"0.14.0.dev20231027",
"0.14.0.dev20231028",
"0.14.0.dev20231029",
"0.14.0.dev20231030",
"0.14.0.dev20231207",
"0.14.0.dev20231208",
"0.14.0.dev20231209",
"0.14.0.dev20231210",
"0.14.0.dev20231211",
"0.14.0.dev20231212",
"0.14.0.dev20231213",
"0.14.0.dev20231214",
"0.14.0.dev20231215",
"0.14.0.dev20231216",
"0.14.0.dev20231217",
"0.14.0.dev20231218",
"0.14.0.dev20231219",
"0.14.0.dev20231220",
"0.14.0.dev20231221",
"0.14.0.dev20231222",
"0.14.0.dev20231223",
"0.14.0.dev20231224",
"0.14.0.dev20231225",
"0.14.0.dev20231226",
"0.14.0.dev20231227",
"0.14.0.dev20231228",
"0.14.0.dev20231229",
"0.14.0.dev20231230",
"0.14.0.dev20231231",
"0.14.0.dev20240101",
"0.14.0.dev20240102",
"0.14.0.dev20240103",
"0.14.0.dev20240104",
"0.14.0.dev20240105",
"0.14.0.dev20240106",
"0.14.0.dev20240107",
"0.14.0.dev20240108",
"0.14.0.dev20240109",
"0.14.0.dev20240111",
"0.14.0.dev20240112",
"0.14.0.dev20240113",
"0.14.0.dev20240114",
"0.14.0.dev20240115",
"0.14.0.dev20240116",
"0.14.0.dev20240117",
"0.14.0.dev20240118",
"0.14.0.dev20240119",
"0.14.0.dev20240120",
"0.14.0.dev20240121",
"0.14.0.dev20240122",
"0.14.0.dev20240123",
"0.14.0.dev20240124",
"0.14.0.dev20240125",
"0.14.0.dev20240126",
"0.14.0.dev20240127",
"0.14.0.dev20240128",
"0.14.0.dev20240129",
"0.15.0.dev20240130",
"0.15.0.dev20240131",
"0.15.0.dev20240201",
"0.15.0.dev20240202",
"0.15.0.dev20240203",
"0.15.0.dev20240204",
"0.15.0.dev20240205",
"0.15.0.dev20240206",
"0.15.0.dev20240207",
"0.15.0.dev20240208",
"0.15.0.dev20240209",
"0.15.0.dev20240210",
"0.15.0.dev20240211",
"0.15.0.dev20240212",
"0.15.0.dev20240213",
"0.15.0.dev20240214",
"0.9.0.dev20220701",
"0.9.0.dev20220702",
"0.9.0.dev20220703",
"0.9.0.dev20220704",
"0.9.0.dev20220705",
"0.9.0.dev20220706",
"0.9.0.dev20220707",
"0.9.0.dev20220708",
"0.9.0.dev20220709",
"0.9.0.dev20220710",
"0.9.0.dev20220711",
"0.9.0.dev20220712",
"0.9.0.dev20220713",
"0.9.0.dev20220714",
"0.9.0.dev20220715",
"0.9.0.dev20220716",
"0.9.0.dev20220717",
"0.9.0.dev20220718",
"0.9.0.dev20220719",
"0.9.0.dev20220720",
"0.9.0.dev20220721",
"0.9.0.dev20220722",
"0.9.0.dev20220723",
"0.9.0.dev20220724",
"0.9.0.dev20220725",
"0.9.0.dev20220728",
"0.9.0.dev20220729",
"0.9.0.dev20220730",
"0.9.0.dev20220731",
"0.9.0.dev20220801",
"0.9.0.dev20220802",
"0.9.0.dev20220803",
"0.9.0.dev20220804",
"0.9.0.dev20220805",
"0.9.0.dev20220806",
"0.9.0.dev20220807",
"0.9.0.dev20220808",
"0.9.0.dev20220809",
"0.9.0.dev20220812",
"0.9.0.dev20220813",
"0.9.0.dev20220814",
"0.9.0.dev20220815",
"0.9.0.dev20220816",
"0.9.0.dev20220817",
"0.9.0.dev20220827",
"0.9.0.dev20220828",
"0.9.0.dev20220829",
"0.9.0.dev20220830",
"0.9.0.dev20220831",
"0.9.0.dev20220901",
"0.9.0.dev20220908",
"0.9.0.dev20220909",
"0.9.0.dev20220910",
"0.9.0.dev20220911",
"0.9.0.dev20220912",
"0.9.0.dev20220913",
"0.9.0.dev20220914",
"0.9.0.dev20220915",
"0.9.0.dev20220916",
"0.9.0.dev20220917",
"0.9.0.dev20220918",
"0.9.0.dev20220919",
"0.9.0.dev20220920",
"0.9.0.dev20220921",
"0.9.0.dev20220922",
"0.9.0.dev20220923",
"0.9.0.dev20220924",
"0.9.0.dev20220925",
"0.9.0.dev20220926",
"0.9.0.dev20220927",
"0.9.0.dev20220930",
"0.9.0.dev20221001",
"0.9.0.dev20221002",
"0.9.0.dev20221003",
"0.9.0.dev20221004",
"0.9.0.dev20221005",
"0.9.0.dev20221006",
"0.9.0.dev20221007",
"0.9.0.dev20221008",
"0.9.0.dev20221009",
"0.9.0.dev20221010",
"0.9.0.dev20221011",
"0.9.0.dev20221012",
"0.9.0.dev20221013",
"0.9.0.dev20221014",
"0.9.0.dev20221015",
"0.9.0.dev20221016",
"0.9.0.dev20221017",
"0.9.0.dev20221018",
"0.9.0.dev20221019",
"0.9.0.dev20221020",
"0.9.0.dev20221021",
"0.9.0.dev20221022",
"0.9.0.dev20221023",
"0.9.0.dev20221024",
"0.9.0.dev20221025",
"0.9.0.dev20221026",
"0.9.0.dev20221027",
"0.9.0.dev20221028",
"0.9.0.dev20221029",
"0.9.0.dev20221030",
"0.9.0.dev20221031",
"0.9.0.dev20221101",
"0.9.0.dev20221102",
"0.9.0.dev20221103",
"0.9.0.dev20221104",
"0.9.0.dev20221105",
"0.9.0.dev20221106",
"0.9.0.dev20221107",
"0.9.0.dev20221108",
"0.9.0.dev20221109",
"0.9.0.dev20221110",
"0.9.0.dev20221111",
"0.9.0.dev20221115",
"0.9.0.dev20221116",
"0.9.0.dev20221117",
"0.9.0.dev20221118",
"0.9.0.dev20221119",
"0.9.0.dev20221120",
"0.9.0.dev20221121",
"0.9.0.dev20221122",
"0.9.0.dev20221123",
"0.9.0.dev20221125",
"0.9.0.dev20221126",
"0.9.0.dev20221127",
"0.9.0.dev20221128",
"0.9.0.dev20221129",
"0.9.0.dev20221130",
"0.9.0.dev20221201",
"0.9.0.dev20221202",
"0.9.0.dev20221203",
"0.9.0.dev20221204",
"0.9.0.dev20221205",
"0.9.0.dev20221206",
"0.9.0.dev20221207"
]
}
],
"aliases": [
"CVE-2024-8375",
"GHSA-w69q-w4h4-2fx8"
],
"details": "There exists a use after free vulnerability in Reverb.\u00a0Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance. Afterwards, Reverb copies the content in tensor_content\u00a0to the previously mentioned pre-allocated memory, which results in the bytes in tensor_content\u00a0overwriting the vtable pointers of all the objects which were previously allocated.\u00a0Reverb exposes 2 relevant gRPC endpoints: InsertStream and SampleStream. The attacker can insert this stream into the server\u2019s database, then when the client next calls SampleStream they will unpack the tensor into RAM, and when any method on that object is called (including its destructor) the attacker gains control of the Program Counter. We recommend upgrading past git commit\u00a0 https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25",
"id": "PYSEC-2026-1306",
"modified": "2026-07-07T17:24:02.517195Z",
"published": "2026-07-07T14:34:42.150231Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8375"
},
{
"type": "WEB",
"url": "https://github.com/google-deepmind/reverb/issues/141"
},
{
"type": "WEB",
"url": "https://github.com/google-deepmind/reverb/commit/6a0dcf4c9e842b7f999912f792aaa6f6bd261a25"
},
{
"type": "PACKAGE",
"url": "https://github.com/google-deepmind/reverb"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/dm-reverb-nightly"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-w69q-w4h4-2fx8"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Reverb use after free vulnerability"
}