Skip to content

Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec

High severity GitHub Reviewed Published Jul 8, 2021 in grpc/grpc-swift • Updated Jun 19, 2023

Package

swift github.com/grpc/grpc-swift (Swift)

Affected versions

< 1.2.0

Patched versions

1.2.0

Description

Impact

Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.

References

@glbrntt glbrntt published to grpc/grpc-swift Jul 8, 2021
Published by the National Vulnerability Database Jul 9, 2021
Published to the GitHub Advisory Database Jun 9, 2023
Reviewed Jun 9, 2023
Last updated Jun 19, 2023

Severity

High

EPSS score

0.574%
(79th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2021-36153

GHSA ID

GHSA-2jx2-qcm4-rf9h

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.