GHSA-rxmj-hg9v-vp3p

Source

https://github.com/advisories/GHSA-rxmj-hg9v-vp3p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-rxmj-hg9v-vp3p/GHSA-rxmj-hg9v-vp3p.json

Aliases

CVE-2021-36155

Published

2023-06-09T19:32:11Z

Modified

2023-11-08T04:06:12.352759Z

Summary

Uncontrolled Resource Consumption in LengthPrefixedMessageReader

Details

Impact

Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.

References

https://github.com/grpc/grpc-swift/security/advisories/GHSA-rxmj-hg9v-vp3p
https://nvd.nist.gov/vuln/detail/CVE-2021-36155
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35303
https://github.com/grpc/grpc-swift
https://github.com/grpc/grpc-swift/releases/tag/1.2.0

Affected packages

SwiftURL / github.com/grpc/grpc-swift

Package

Name: github.com/grpc/grpc-swift

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2.0