GHSA-rxmj-hg9v-vp3p

Published: 09 Jun 2023
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Uncontrolled Resource Consumption in LengthPrefixedMessageReader

Impact

Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.

Packages

Name: github.com/grpc/grpc-swift
Affected versions: < 1.2.0
Fixed version: 1.2.0

EPSS

Percentile: 74%
0.00846
Low

CVSS3: 7.5 High

Weaknesses

CWE-120
CWE-770

Related vulnerabilities

CVSS3: 7.5
nvd
more than 4 years ago

LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.
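
The Impact section and the NVD description above both point at a reader that sizes its buffer from the peer-supplied length prefix. The following is an added example, not grpc-swift code and not the project's fix: a Python sketch of a reader for gRPC's length-prefixed framing (1-byte compression flag, 4-byte big-endian length) that checks the declared length against a limit before buffering. `BoundedFrameReader`, `MessageTooLarge`, `frame` and the 4 MiB limit are names and values assumed for illustration.

```python
import struct

# gRPC length-prefixed framing: 1-byte compressed flag, 4-byte big-endian length, payload.
HEADER = struct.Struct(">BI")
MAX_MESSAGE_LENGTH = 4 * 1024 * 1024  # assumed limit for this sketch


class MessageTooLarge(Exception):
    """Raised when a header declares more bytes than the reader accepts."""


class BoundedFrameReader:
    """Incremental reader that validates the declared length before buffering a payload."""

    def __init__(self, max_length=MAX_MESSAGE_LENGTH):
        self.max_length = max_length
        self._buf = bytearray()

    def feed(self, data):
        """Append received bytes and return every complete (compressed, payload) message."""
        self._buf += data
        messages = []
        while len(self._buf) >= HEADER.size:
            compressed, length = HEADER.unpack_from(self._buf)
            if compressed not in (0, 1):
                raise ValueError("invalid compression flag")
            # Decide on the 5-byte header alone. The unsafe pattern would reserve
            # `length` bytes here, letting a peer request up to 4 GiB per message.
            if length > self.max_length:
                self._buf.clear()
                raise MessageTooLarge(f"declared {length} bytes, limit {self.max_length}")
            end = HEADER.size + length
            if len(self._buf) < end:
                break  # partial message: memory grows only with bytes actually received
            messages.append((bool(compressed), bytes(self._buf[HEADER.size:end])))
            del self._buf[:end]
        return messages


def frame(payload, compressed=False):
    """Build one framed message (helper for the constructed inputs below)."""
    return HEADER.pack(int(compressed), len(payload)) + payload


# Constructed input: a bare header declaring 0xFFFFFFFF payload bytes.
HOSTILE_HEADER = HEADER.pack(0, 0xFFFFFFFF)
```

A caller that catches `MessageTooLarge` should fail the RPC or close the stream rather than keep reading from that peer.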
