Vulnerability Details CVE-2021-36155
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 79.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35303
- https://github.com/grpc/grpc-swift/releases
- https://github.com/grpc/grpc-swift/security/advisories/GHSA-rxmj-hg9v-vp3p
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35303
- https://github.com/grpc/grpc-swift/releases
- https://github.com/grpc/grpc-swift/security/advisories/GHSA-rxmj-hg9v-vp3p
Products affected by CVE-2021-36155
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.0.0
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.1.0
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.1.1