PT-2021-21142 · Unknown · Grpc Swift
Glbrntt · Published 2021-07-09 · Updated 2023-05-22 · CVE-2021-36154
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
gRPC Swift versions 1.1.1 and earlier
Description:
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. A remote attacker can cause a denial of service by delivering many small messages within a single HTTP/2 frame.
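The failure mode in the description, shown as an added example that is not gRPC Swift's own code: a decoder for gRPC length-prefixed messages written recursively (stack depth follows the number of messages in the buffer) beside an iterative form with constant stack depth. All function names, the 4 MiB length limit and the sample buffer are assumptions made for the illustration.

```swift
// Added illustration, not gRPC Swift source; every name below is hypothetical.
// gRPC message framing: 1-byte compressed flag, 4-byte big-endian length, payload.
enum FramingError: Error { case messageTooLarge(Int) }

/// Reads one message at `offset`; returns nil when the buffer holds only part of one.
func readMessage(_ buf: [UInt8], at offset: Int, maxLength: Int) throws
    -> (payload: [UInt8], next: Int)? {
    guard buf.count - offset >= 5 else { return nil }
    var length = 0
    for byte in buf[(offset + 1)..<(offset + 5)] { length = (length << 8) | Int(byte) }
    guard length <= maxLength else { throw FramingError.messageTooLarge(length) }
    let start = offset + 5
    guard buf.count - start >= length else { return nil }
    return (payload: Array(buf[start..<(start + length)]), next: start + length)
}

/// Recursive shape: one stack frame per message, so the peer controls the depth.
/// Swift does not guarantee tail-call elimination, so this cannot be relied on to be flat.
func decodeRecursive(_ buf: [UInt8], at offset: Int, maxLength: Int,
                     into out: inout [[UInt8]]) throws {
    guard let m = try readMessage(buf, at: offset, maxLength: maxLength) else { return }
    out.append(m.payload)
    try decodeRecursive(buf, at: m.next, maxLength: maxLength, into: &out)
}

/// Iterative shape: constant stack depth however many messages the buffer carries.
/// `consumed` tells the caller how many bytes to drop; the rest waits for more data.
func decodeIterative(_ buf: [UInt8], maxLength: Int) throws
    -> (messages: [[UInt8]], consumed: Int) {
    var out: [[UInt8]] = []
    var offset = 0
    while let m = try readMessage(buf, at: offset, maxLength: maxLength) {
        out.append(m.payload)
        offset = m.next
    }
    return (messages: out, consumed: offset)
}

// Constructed input: 2,000 one-byte messages, then a header whose payload has not arrived.
var bytes: [UInt8] = []
for i in 0..<2000 { bytes += [0, 0, 0, 0, 1, UInt8(i % 256)] }
bytes += [0, 0, 0, 0, 9]

let result = try decodeIterative(bytes, maxLength: 4 * 1024 * 1024)  // assumed limit
precondition(result.messages.count == 2000 && result.consumed == 12000)

// Both shapes agree on a short buffer; only their stack usage differs as input grows.
var small: [[UInt8]] = []
try decodeRecursive(Array(bytes[0..<18]), at: 0, maxLength: 1024, into: &small)
precondition(small == Array(result.messages[0..<3]))
```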
Recommendations:
For gRPC Swift versions 1.1.1 and earlier, upgrade to version 1.2.0 to resolve the issue.
Weakness Enumeration:
Uncontrolled Recursion
Affected Products:
Grpc Swift