CVE-2021-36153

7.5HIGH

Key Information:

Vendor: Linux
Status: Grpc Swift
Vendor: CVE Published:; 9 July 2021

Summary

Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests.

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35267

x_refsource_MISC

https://github.com/grpc/grpc-swift/releases

x_refsource_MISC

https://github.com/grpc/grpc-swift/security/advisories/GH...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2021
Vulnerability Reserved
Jul 5, 2021