Swift package
github.com/grpc/grpc-swift
pkg:swift/github.com/grpc/grpc-swift
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24777 | — | | | < 1.7.2 | 1.7.2 | Mar 25, 2022 | grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The att |
| CVE-2021-36153 | — | | | < 1.2.0 | 1.2.0 | Jul 9, 2021 | Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. |
| CVE-2021-36155 | — | | | < 1.2.0 | 1.2.0 | Jul 9, 2021 | LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. |
| CVE-2021-36154 | — | | | < 1.2.0 | 1.2.0 | Jul 9, 2021 | HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption. |