Incomplete Internal State Distinction

CVE-2021-36153

Severity High
Score 7.5/10

Summary

Mismanaged state in "GRPCWebToHTTP2ServerCodec.swift" in gRPC Swift versions 1.0.0-alpha.21 prior to 1.2.0 leads to Denial of Service if remote attackers send malformed requests.

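  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH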

CWE-372 - Incomplete Internal State Distinction

The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.

Advisory Timeline

  • Published