CVE-2022-24777

Name of the Vulnerable Software and Affected Versions grpc-swift versions prior to 1.7.2

Description The issue is a denial of service attack via a reachable assertion, caused by incorrect logic when handling GOAWAY frames. This attack requires minimal resources to construct and send the required sequence of frames, resulting in a high impact on availability as the server will crash, dropping all in-flight connections and requests.

Recommendations For versions prior to 1.7.2, update to version 1.7.2 to resolve the issue. At the moment, there is no information about other workarounds for this issue.