Vulnerability Details CVE-2021-36155
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 74.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35303
- https://github.com/grpc/grpc-swift/releases
- https://github.com/grpc/grpc-swift/security/advisories/GHSA-rxmj-hg9v-vp3p
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35303
- https://github.com/grpc/grpc-swift/releases
- https://github.com/grpc/grpc-swift/security/advisories/GHSA-rxmj-hg9v-vp3p
Products affected by CVE-2021-36155
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.0.0
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.1.0
-
cpe:2.3:a:linuxfoundation:grpc_swift:1.1.1