gRPC Swift 1.0.0 ..< 1.7.1: Denial of Service Vulnerability

In gRPC Swift versions 1.0.0 through to 1.7.1 inclusive, gRPC servers were vulnerable to denial of service attacks from a reachable precondition due to incorrect logic when handling GOAWAY frames. This was discovered by automated fuzz testing.

Users must upgrade to 1.7.2 to resolve this issue.

Details can be found in the GitHub security advisory "Denial of Service via reachable assertion" (grpc/grpc-swift).

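One way to check whether a project's lockfile still pins a release in the affected range stated above (an added example, not part of the announcement or the gRPC Swift project). It assumes a SwiftPM `Package.resolved` file in format version 1 or later; the function names `verdict_for` and `audit` and the sample lockfile are constructed for illustration.

```python
import json
import re

# Affected range as stated in the announcement: 1.0.0 through 1.7.1 inclusive.
FIRST_AFFECTED, LAST_AFFECTED = (1, 0, 0), (1, 7, 1)

# Constructed sample in Package.resolved format version 2 (revisions are placeholders).
SAMPLE_RESOLVED = """
{"pins": [
  {"identity": "grpc-swift", "kind": "remoteSourceControl",
   "location": "https://github.com/grpc/grpc-swift.git",
   "state": {"revision": "PLACEHOLDER", "version": "1.7.1"}},
  {"identity": "swift-nio", "kind": "remoteSourceControl",
   "location": "https://github.com/apple/swift-nio.git",
   "state": {"revision": "PLACEHOLDER", "version": "2.40.0"}}
], "version": 2}
"""


def verdict_for(version):
    """Classify a pinned version string against the stated affected range."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version or "")
    if match is None:
        # Branch/revision pins and pre-release tags are not classified by this check.
        return "unknown"
    parsed = tuple(int(part) for part in match.groups())
    return "affected" if FIRST_AFFECTED <= parsed <= LAST_AFFECTED else "ok"


def audit(resolved_text):
    """Return (location, version, verdict) for every grpc-swift pin."""
    doc = json.loads(resolved_text)
    # Format version 1 nests pins under "object"; later versions keep them top-level.
    pins = doc.get("object", doc).get("pins", [])
    findings = []
    for pin in pins:
        location = pin.get("location") or pin.get("repositoryURL") or ""
        name = re.sub(r"\.git$", "", location.rstrip("/").rsplit("/", 1)[-1].lower())
        if name == "grpc-swift":
            version = (pin.get("state") or {}).get("version")
            findings.append((location, version, verdict_for(version)))
    return findings


if __name__ == "__main__":
    for location, version, verdict in audit(SAMPLE_RESOLVED):
        print(f"{verdict:8} {version} {location}")
```

A pin reported as `unknown` tracks a branch, a bare revision or a pre-release tag and needs a manual check against the advisory.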