Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec

CVE-2021-36153 → View on GitHub ↗ View on CVE.org ↗ View on NVD ↗

Description

Impact

Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service.

Patches

The problem has been fixed in 1.2.0.

Workarounds

No workaround is available. Users must upgrade.

Basic information

Type
reviewed
Severity
high
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2023-06-09 19:32:18 UTC
Updated
2023-06-19 16:45:07 UTC
GitHub reviewed
2023-06-09 19:32:18 UTC
NVD published
2021-07-09

EPSS Score

Score Percentile
1.36% 79.60%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Type Value
GHSA GHSA-2jx2-qcm4-rf9h ↗
CVE CVE-2021-36153 ↗

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
swift github.com/grpc/grpc-swift < 1.2.0 1.2.0

References

cvelogic Threat Intelligence