6 matches found
GHSA-6PH5-FWW6-VFWV NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Impact: When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
Denial of Service (DoS)
Overview: apple/swift-nio-extras is useful code around SwiftNIO. Affected versions of this package are vulnerable to Denial of Service (DoS). When using the .size decompression limit, request and response decompression checks the size of the compressed bytes instead of the decompressed bytes. Details: Denial of...
Unchecked Input for Loop Condition
Overview: apple/swift-nio-extras is useful code around SwiftNIO. Affected versions of this package are vulnerable to Unchecked Input for Loop Condition. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects...
Denial Of Service (DoS)
github.com/apple/swift-nio-extras is vulnerable to denial of service. The vulnerability exists because complete HTTP body decompression is not properly detected and the code repeatedly attempts to decompress the data appended to the HTTP message causing an infinite loop which leads to an...
Denial Of Service (DoS)
github.com/apple/swift-nio-extras is vulnerable to denial of service (DoS). When .size decompression limit is used, it does not properly check the size of decompression limits defined by their DecompressionLimit property, allowing an attacker to crash the application by maliciously sending compress...
Apple SwiftNIO Extras Denial of Service Vulnerability
Apple SwiftNIO Extras is an extension of the SwiftNIO web application framework from Apple USA. A security vulnerability exists in Apple SwiftNIO Extras versions prior to 1.4.1. A remote attacker could exploit this vulnerability to cause a denial of service in the client or server...