GHSA-4rhq-vq24-88gw

Source

https://github.com/advisories/GHSA-4rhq-vq24-88gw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-4rhq-vq24-88gw/GHSA-4rhq-vq24-88gw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4rhq-vq24-88gw

Aliases

CVE-2021-36154

Published

2023-05-22T20:29:44Z

Modified

2023-11-08T04:06:12.290998Z

Summary

Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Details

Impact

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.

Database specific

{
    "nvd_published_at": "2021-07-09T12:15:00Z",
    "cwe_ids": [
        "CWE-674"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-22T20:29:44Z"
}

References

Affected packages

SwiftURL / github.com/grpc/grpc-swift

Package

Name: github.com/grpc/grpc-swift
Purl: pkg:swift/github.com/grpc/grpc-swift

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.0