Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Moderate severity GitHub Reviewed Published Jul 8, 2021 in grpc/grpc-swift • Updated Jun 19, 2023

Package

github.com/grpc/grpc-swift (Swift)

Affected versions

< 1.2.0

Patched versions

1.2.0

Description

Impact

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.
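
Since upgrading is the only remediation, one way to find projects still resolving an affected release is to read the version pinned in their SwiftPM `Package.resolved` lockfile. The script below is an added example, not part of the advisory or of grpc-swift; the function name, status strings and sample lockfiles are constructed for illustration, and it assumes the two common `Package.resolved` layouts (pins nested under `object`, or at top level).

```python
import json
import sys

PATCHED = (1, 2, 0)  # first fixed release according to the advisory

# Constructed sample lockfiles (placeholder revisions, not from a real project).
SAMPLE_V1 = json.dumps({"version": 1, "object": {"pins": [{
    "package": "grpc-swift",
    "repositoryURL": "https://github.com/grpc/grpc-swift.git",
    "state": {"branch": None, "revision": "0" * 40, "version": "1.1.1"}}]}})
SAMPLE_V2 = json.dumps({"version": 2, "pins": [{
    "identity": "grpc-swift", "kind": "remoteSourceControl",
    "location": "https://github.com/grpc/grpc-swift",
    "state": {"revision": "0" * 40, "version": "1.2.0"}}]})


def grpc_swift_status(resolved_text):
    """Return 'affected', 'patched', 'unknown' or 'absent' for a Package.resolved."""
    doc = json.loads(resolved_text)
    # Format 1 nests pins under "object"; later formats keep them at top level.
    pins = doc.get("object", doc).get("pins", [])
    for pin in pins:
        url = (pin.get("repositoryURL") or pin.get("location") or "").lower()
        url = url.rstrip("/")
        if url.endswith(".git"):
            url = url[:-4]
        if not url.endswith("grpc/grpc-swift"):
            continue  # assumption: forks under other names are out of scope
        version = (pin.get("state") or {}).get("version")
        if not version:
            return "unknown"  # pinned to a branch or revision, no tag to compare
        core, _, prerelease = version.split("+")[0].partition("-")
        try:
            numbers = tuple(int(part) for part in core.split("."))
        except ValueError:
            return "unknown"
        numbers += (0,) * (3 - len(numbers))
        if numbers < PATCHED:
            return "affected"
        # The advisory does not say whether 1.2.0 pre-releases carry the fix.
        if prerelease and numbers == PATCHED:
            return "unknown"
        return "patched"
    return "absent"


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "Package.resolved"
    with open(path, encoding="utf-8") as handle:
        print(path, grpc_swift_status(handle.read()))
```

A result of `unknown` means the pin is a branch, a bare revision or a 1.2.0 pre-release and needs manual review against the fixed release.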

References

@glbrntt glbrntt published to grpc/grpc-swift Jul 8, 2021
Published by the National Vulnerability Database Jul 9, 2021
Published to the GitHub Advisory Database May 22, 2023
Reviewed May 22, 2023
Last updated Jun 19, 2023

Severity

Moderate

EPSS score

0.529%
(77th percentile)

Weaknesses

CVE ID

CVE-2021-36154

GHSA ID

GHSA-4rhq-vq24-88gw

Source code
