29 matches found
EUVD-2023-1886
Malicious code in bioql PyPI...
EUVD-2023-1873
Malicious code in bioql PyPI...
EUVD-2023-1664
Malicious code in bioql PyPI...
CVE-2021-36155
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service...
CVE-2021-36154
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption...
CVE-2021-36153
Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests...
CVE-2022-24777
grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...
GHSA-R6WW-5963-7R95 Denial of Service via reachable assertion
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...
GHSA-2JX2-QCM4-RF9H Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Impact Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service. Patches The problem has been fixed in 1.2.0. Workarounds No workaround is available. Users must upgrade...
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Impact Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service. Patches The problem has been fixed in 1.2.0. Workarounds No workaround is available. Users must upgrade...
GHSA-RXMJ-HG9V-VP3P Uncontrolled Resource Consumption in LengthPrefixedMessageReader
Impact Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service. Patches The problem has been fixed in 1.2.0. Workarounds No workaround is available. Users mus...
Denial of Service via reachable assertion
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...
Uncontrolled Resource Consumption in LengthPrefixedMessageReader
Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service...
GHSA-4RHQ-VQ24-88GW Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Impact Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service. Patches The problem has been fixed in 1.2.0. Workarounds No workaround is available. Users must upgrade...
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service...
Denial of Service (DoS)
Overview grpc/grpc-swift is a Swift language implementation of gRPC. Affected versions of this package are vulnerable to Denial of Service DoS. Excessive memory may be allocated when parsing messages. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
CVE-2022-24777
grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...
CVE-2022-24777 Denial of Service via reachable assertion in grpc-swift
grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...
CVE-2022-24777
CVE-2022-24777 – grpc-swift denial of service : The issue affects grpc-swift servers before version 1.7.2. It results from incorrect logic when handling GOAWAY frames, allowing a low-effort attack that can crash the server and drop all in-flight connections and requests. The impact on availabilit...
CVE-2022-24777 Denial of Service via reachable assertion in grpc-swift
grpc-swift is the Swift language implementation of gRPC, a remote procedure call RPC framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: ...