Incomplete Internal State Distinction
CVE-2021-36153
Summary
Mismanaged state in "GRPCWebToHTTP2ServerCodec.swift" in gRPC Swift versions from 1.0.0-alpha.21 up to, but not including, 1.2.0 leads to denial of service when remote attackers send malformed requests.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-372 - Incomplete Internal State Distinction
The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.