Vulnerability Details CVE-2021-36154
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35274
- https://github.com/grpc/grpc-swift/releases
- https://github.com/grpc/grpc-swift/security/advisories/GHSA-4rhq-vq24-88gw
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35274
- https://github.com/grpc/grpc-swift/releases
- https://github.com/grpc/grpc-swift/security/advisories/GHSA-4rhq-vq24-88gw
Products affected by CVE-2021-36154
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.0.0
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.1.0
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.1.1