CVE-2021-36155: Uncontrolled Resource Consumption in LengthPrefixedMessageReader

June 9, 2023

Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of service.

References

bugs.chromium.org/p/oss-fuzz/issues/detail?id=35303
github.com/advisories/GHSA-rxmj-hg9v-vp3p
github.com/grpc/grpc-swift
github.com/grpc/grpc-swift/releases/tag/1.2.0
github.com/grpc/grpc-swift/security/advisories/GHSA-rxmj-hg9v-vp3p
nvd.nist.gov/vuln/detail/CVE-2021-36155

Detect and mitigate CVE-2021-36155 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →