3 matches found
GO-2024-2911 go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression
go-grpc-compression has a zstd decompression bombing vulnerability in github.com/mostynb/go-grpc-compression...
GHSA-87M9-RV8P-RGMG go-grpc-compression has a zstd decompression bombing vulnerability
Impact A malicious user could cause a denial of service DoS when using a specially crafted gRPC request. The decompression mechanism for zstd did not respect the limits imposed by gRPC, allowing rapid memory usage increases. Versions v1.1.4 through to v1.2.2 made use of the Decoder.DecodeAll...
go-grpc-compression has a zstd decompression bombing vulnerability
Impact A malicious user could cause a denial of service DoS when using a specially crafted gRPC request. The decompression mechanism for zstd did not respect the limits imposed by gRPC, allowing rapid memory usage increases. Versions v1.1.4 through to v1.2.2 made use of the Decoder.DecodeAll...