Uncontrolled Recursion

CVE-2021-36154

High

7.5/10

Summary

The file "HTTP2ToRawGRPCServerCodec" in gRPC Swift version 1.0.0-alpha.21 prior to 1.2.0 allows remote attackers to perform a Denial of Service attack via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-674 - Uncontrolled Recursion

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

References

Advisory
Release Note
Issue

Advisory Timeline

Published Jul 09, 2021

Uncontrolled Recursion

CVE-2021-36154

Summary

CWE-674 - Uncontrolled Recursion

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS