Uncontrolled Resource Consumption in LengthPrefixedMessageReader
Package
Affected versions
< 1.2.0
Patched versions
1.2.0
Description
Published by the National Vulnerability Database
Jul 9, 2021
Published to the GitHub Advisory Database
Jun 9, 2023
Reviewed
Jun 9, 2023
Last updated
Jun 19, 2023
Impact
Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service.
Patches
The problem has been fixed in 1.2.0.
Workarounds
No workaround is available. Users must upgrade.
References