CVE-2021-36155

7.5HIGH

Key Information:

Vendor: Linux
Status: Grpc Swift
Vendor: CVE Published:; 9 July 2021

Summary

LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.

References

https://github.com/grpc/grpc-swift/releases

x_refsource_MISC

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35303

x_refsource_MISC

https://github.com/grpc/grpc-swift/security/advisories/GH...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2021
Vulnerability Reserved
Jul 5, 2021