gRPC Swift Uncontrolled Recursion Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in gRPC Swift versions up to and including 1.1.1. The issue arises in the HTTP2ToRawGRPCServerCodec component, where a remote attacker can trigger uncontrolled recursion, and with it unbounded stack consumption, by sending numerous small messages within a single HTTP/2 frame.

Impact

Exploitation of this vulnerability leads to a stack overflow that crashes the server process, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced against a gRPC Swift server running a vulnerable version. The gRPC server must be configured to accept HTTP/2 frames. Once the server is set up, send it a single HTTP/2 frame containing multiple small messages, using either a gRPC client or a tool that allows HTTP/2 frames to be manipulated. The server processes the frame with uncontrolled recursion and growing stack consumption, which can be verified by monitoring the server's resource usage or by observing a stack overflow crash.

Remediation

Users are advised to upgrade to gRPC Swift version 1.2.0 or later, where this vulnerability has been fixed.
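To show the bug class behind both the reproduction and the remediation from a defender's viewpoint, the following Python example is added here; it is not gRPC Swift's code and does not reproduce its HTTP2ToRawGRPCServerCodec. It builds a constructed buffer of many gRPC length-prefixed messages (1-byte compressed flag, 4-byte big-endian length, payload, which is the framing gRPC carries inside HTTP/2 data frames), then parses it two ways: a recursive parser whose stack depth grows with the message count, and an iterative parser with constant stack usage plus an assumed per-buffer message cap (the cap value is an illustration, not something the advisory specifies). Python stops the recursive version with RecursionError; a native runtime such as Swift has no such guard, so the same pattern overflows the thread stack and crashes the process.

```python
import struct

# gRPC length-prefixed message header: 1-byte compressed flag + 4-byte
# big-endian payload length (the payload follows immediately).
HEADER = struct.Struct(">BI")


def encode_messages(payloads):
    """Build one buffer holding many length-prefixed messages back to back.

    Constructed test input for this example, not captured traffic.
    """
    out = bytearray()
    for payload in payloads:
        out += HEADER.pack(0, len(payload))  # flag 0 = uncompressed
        out += payload
    return bytes(out)


def parse_recursive(buf, offset=0, messages=None):
    """Anti-pattern: handle one message, then recurse on the remainder.

    Each message adds a stack frame, so a buffer of N tiny messages needs
    N nested calls. Python raises RecursionError past its limit; a native
    runtime without that guard overflows the stack and crashes.
    """
    if messages is None:
        messages = []
    if len(buf) - offset < HEADER.size:
        return messages
    _flag, length = HEADER.unpack_from(buf, offset)
    start = offset + HEADER.size
    end = start + length
    if end > len(buf):
        return messages  # incomplete message: wait for more bytes
    messages.append(buf[start:end])
    return parse_recursive(buf, end, messages)


def parse_iterative(buf, max_messages=10_000):
    """Hardened form: a loop with constant stack usage.

    max_messages is an assumed, illustrative cap on how many messages one
    buffer may yield; exceeding it is rejected instead of processed.
    """
    messages = []
    offset = 0
    while len(buf) - offset >= HEADER.size:
        _flag, length = HEADER.unpack_from(buf, offset)
        start = offset + HEADER.size
        end = start + length
        if end > len(buf):
            break  # incomplete message: wait for more bytes
        messages.append(buf[start:end])
        if len(messages) > max_messages:
            raise ValueError("too many messages in one buffer")
        offset = end
    return messages


def recursive_parser_overflows(buf):
    """Return True if the recursive parser exhausts Python's call stack."""
    try:
        parse_recursive(buf)
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    # 5,000 zero-length messages: 25,000 bytes of input, 5,000 recursion levels.
    many_small = encode_messages([b""] * 5_000)
    print("recursive parser overflows:", recursive_parser_overflows(many_small))
    print("iterative parser message count:", len(parse_iterative(many_small)))
```

The input is small (25 KB) yet drives the recursive parser thousands of calls deep, which is why "numerous small messages in a single frame" is the trigger: the cost to the attacker scales with message count, not payload size. A loop removes the stack dependency entirely; the message cap is an extra resource bound that is worth keeping even once recursion is gone.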

Added: Apr 7, 2026, 11:27 AM
Updated: Apr 7, 2026, 11:27 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 9.5
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.