CVE-2021-36153

Опубликовано: 09 июл. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests.

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35267
Mailing List
Third Party Advisory
https://github.com/grpc/grpc-swift/releases
Release Notes
Third Party Advisory
https://github.com/grpc/grpc-swift/security/advisories/GHSA-2jx2-qcm4-rf9h
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35267
Mailing List
Third Party Advisory
https://github.com/grpc/grpc-swift/releases
Release Notes
Third Party Advisory
https://github.com/grpc/grpc-swift/security/advisories/GHSA-2jx2-qcm4-rf9h
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:linuxfoundation:grpc_swift:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:grpc_swift:1.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01361

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2jx2-qcm4-rf9h

github

больше 2 лет назад

Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec