VYPR

SwiftNIO

by Apple Inc.

Source repositories

CVEs (5)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2026-28980higJun 12, 2026
    risk 0.39cvss epss 0.00

    ### Summary The `HTTPDecoder` in `NIOHTTP1` enforces no limit on the total size of an HTTP/1 message's header block or on the number of header fields per message. A remote peer can submit an arbitrary number of small, valid headers in a single request and have them all…

  • CVE-2026-43671higJun 12, 2026
    risk 0.39cvss epss 0.00

    ### Summary A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding `UInt32.max` are passed to some `ByteBuffer` methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in…

  • CVE-2026-28970Jun 12, 2026
    risk 0.00cvss epss 0.00

    Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is…

  • CVE-2018-4281Jan 11, 2019
    risk 0.00cvss epss 0.01

    In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.