Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec

Moderate
glbrntt published GHSA-4rhq-vq24-88gw Jul 8, 2021

Package

grpc-swift (Swift Package Manager)

Affected versions

1.0.0, 1.1.0, 1.1.1

Patched versions

1.2.0

Description

Impact

Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.
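
Since upgrading is the only remediation, the check below reads a SwiftPM `Package.resolved` file and reports whether grpc-swift is pinned to one of the versions listed above. It is an added example, not code from the advisory or the grpc-swift project; the function names and sample files are constructed, and it assumes the two common `Package.resolved` layouts (pins under `object` in schema 1, top-level `pins` in later schemas).

```python
import json

# Version lists copied from this advisory.
AFFECTED = {"1.0.0", "1.1.0", "1.1.1"}
PATCHED = "1.2.0"

def grpc_swift_pins(resolved_text):
    """Yield the pinned version (or None) of every grpc-swift pin."""
    doc = json.loads(resolved_text)
    # Schema 1 nests pins under "object"; schema 2 and later keep them top-level.
    pins = doc.get("object", {}).get("pins") or doc.get("pins") or []
    for pin in pins:
        url = pin.get("repositoryURL") or pin.get("location") or ""
        name = url.rstrip("/").rsplit("/", 1)[-1].lower()
        if name.endswith(".git"):
            name = name[:-4]
        if name == "grpc-swift":
            # "version" is absent or null when the pin tracks a branch or revision.
            yield (pin.get("state") or {}).get("version")

def check(resolved_text):
    """Return [(version, status)] with status affected / not-listed / unknown."""
    findings = []
    for version in grpc_swift_pins(resolved_text):
        if version is None:
            status = "unknown"      # branch or revision pin: review by hand
        elif version in AFFECTED:
            status = "affected"     # upgrade to PATCHED or later
        else:
            status = "not-listed"   # not among the advisory's affected versions
        findings.append((version, status))
    return findings

# Constructed sample files (revisions are placeholders).
SAMPLE_V2 = json.dumps({"version": 2, "pins": [
    {"identity": "grpc-swift", "kind": "remoteSourceControl",
     "location": "https://github.com/grpc/grpc-swift.git",
     "state": {"revision": "0" * 40, "version": "1.1.1"}}]})
SAMPLE_V1 = json.dumps({"version": 1, "object": {"pins": [
    {"package": "grpc-swift",
     "repositoryURL": "https://github.com/grpc/grpc-swift",
     "state": {"branch": None, "revision": "0" * 40, "version": "1.2.0"}}]}})

if __name__ == "__main__":
    for label, text in (("v2 sample", SAMPLE_V2), ("v1 sample", SAMPLE_V1)):
        for version, status in check(text):
            print(f"{label}: grpc-swift {version}: {status} (patched in {PATCHED})")
```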

Severity

Moderate

CVE ID

CVE-2021-36154

Weaknesses