Описание
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Impact
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service.
Patches
The problem has been fixed in 1.2.0.
Workarounds
No workaround is available. Users must upgrade.
Пакеты
Наименование
github.com/grpc/grpc-swift
Затронутые версииВерсия исправления
< 1.2.0
1.2.0
Связанные уязвимости
CVSS3: 7.5
nvd
больше 4 лет назад
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.