Lucene search
GoogleOSV:CVE-2022-24777HistoryMar 25, 2022 - 5:15 p.m.
CVE-2022-24777
2022-03-2517:15:08
Google
osv.dev
10
grpc-swift
denial of service
vulnerability
remote procedure call
grpc
version 1.7.2
goaway frames
availability
grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds.
Related
github
github
Denial of Service via reachable assertion
2023-06-09 19:33:16
cve
cve
CVE-2022-24777
2022-03-25 17:15:08
prion
prion
Code injection
2022-03-25 17:15:00
cvelist
cvelist
CVE-2022-24777 Denial of Service via reachable assertion in grpc-swift
2022-03-25 16:35:09
osv
osv
Denial of Service via reachable assertion
2023-06-09 19:33:16
gitlab
gitlab
Denial of Service via reachable assertion
2023-06-09 00:00:00
nvd
nvd
CVE-2022-24777
2022-03-25 17:15:08