GHSA-rxmj-hg9v-vp3p

Source

https://github.com/advisories/GHSA-rxmj-hg9v-vp3p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-rxmj-hg9v-vp3p/GHSA-rxmj-hg9v-vp3p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rxmj-hg9v-vp3p

Aliases

CVE-2021-36155

Published

2023-06-09T19:32:11Z

Modified

2023-11-08T04:06:12.352759Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Uncontrolled Resource Consumption in LengthPrefixedMessageReader

Details

Impact

Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.

Database specific

{
    "nvd_published_at": "2021-07-09T12:15:00Z",
    "cwe_ids": [
        "CWE-120",
        "CWE-770"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-09T19:32:11Z"
}

References

Affected packages

SwiftURL / github.com/grpc/grpc-swift

Package

Name: github.com/grpc/grpc-swift
Purl: pkg:swift/github.com/grpc/grpc-swift

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.0