CVE-2019-0205

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

CVSS v3.0 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/0d058e1bfd11727c4f2e2adf4b6e403a47c38e22431ab20066a1ac79@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/3dfa054b89274c9109c26ed1843ca15a14c03786f4016d26773878ae@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/07bd68ad237a5d513751d6d2731a8828f902c738ea57d85c1a72bad3@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/928cae83d20d8d8196c26118f7084aa37573e1d31162381fb9454fb5@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/a9669756befaeb0f8e08766d3f4d410a0fce85da3a570506f71f0b67@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/1c18ec6ebfea0a9211992be952e8b33d0fda202c077979b84a5e09a8@%3Cuser.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/1193444c17f499f92cd198d464a2c1ffc92182c83487345a854914b3@%3Cuser.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/9f7150d0b02e72d1154721a412e80cf797f1b7cfa295fcefc67b1381@%3Ccommits.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8@%3Ccommits.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08@%3Cdev.hive.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d@%3Cissues.hive.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r0d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rba61c1f3a3b1960a6a694775b1a437751eba0825f30188f69387fe90@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r1b1a92c229ead94d53b3bcde9e624d002b54f1c6fdb830b9f4da20e1@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a@%3Ccommits.thrift.apache.org%3E	Mailing List Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0804	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0805	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0811	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0806	Third Party Advisory
https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rce0d368a78b42c545f26c2e6e91e2b8a91b27b60d0cb45fe1911d337@%3Cnotifications.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff@%3Ccommits.pulsar.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142@%3Ccommits.pulsar.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/re387dc6ca11cb0b0ce4de8e800bb91ca50fee054b80105f5cd34adcb@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r569b2b3da41ff45bfacfca6787a4a8728edd556e185b69b140181d9d@%3Cdev.thrift.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0@%3Ccommits.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r67a704213d13326771f46c84bbd84c8281bb93946e155e0e40abcb4c@%3Ccommits.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E	Mailing List Vendor Advisory
https://security.gentoo.org/glsa/202107-32	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://lists.apache.org/thread.html/r0c606d4be9aa163d132edf8edd8eb55e7b9464063b99acbbf6e9e287@%3Cissues.hive.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rb139fa1d2714822d8c6e6f3bd6f5d5c91844d313201185c409288fd9@%3Ccommits.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r934f312dd5add7276ac2de684d8b237554ff9f34479a812df5fd6aee@%3Ccommits.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r7859e767c90c8f4971dec50f801372aa64e88f143c3e8a265a36f9b4@%3Cuser.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625@%3Cuser.cassandra.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r53c03e1c979b9c628d0d65e0f49dd9a9f9d7572838727ad11b750575@%3Cuser.cassandra.apache.org%3E	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:8.0:::::::*

Configuration 3 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*

Information

Published : 2019-10-29 12:15

Updated : 2022-04-18 08:45

NVD link : CVE-2019-0205

Mitre link : CVE-2019-0205

JSON object : View

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Products Affected

redhat

enterprise_linux_server
jboss_enterprise_application_platform

oracle

communications_cloud_native_core_network_slice_selection_function

apache

thrift

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E", "name": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/0d058e1bfd11727c4f2e2adf4b6e403a47c38e22431ab20066a1ac79@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20191106 [jira] [Resolved] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift:", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/3dfa054b89274c9109c26ed1843ca15a14c03786f4016d26773878ae@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20191106 [jira] [Created] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift:", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/07bd68ad237a5d513751d6d2731a8828f902c738ea57d85c1a72bad3@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20191106 [jira] [Assigned] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift:", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/928cae83d20d8d8196c26118f7084aa37573e1d31162381fb9454fb5@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20191106 [jira] [Updated] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift:", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/a9669756befaeb0f8e08766d3f4d410a0fce85da3a570506f71f0b67@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20191106 [jira] [Comment Edited] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift:", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/1c18ec6ebfea0a9211992be952e8b33d0fda202c077979b84a5e09a8@%3Cuser.thrift.apache.org%3E", "name": "[thrift-user] 20191107 CVE-2019-0205", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/1193444c17f499f92cd198d464a2c1ffc92182c83487345a854914b3@%3Cuser.thrift.apache.org%3E", "name": "[thrift-user] 20191108 Re: CVE-2019-0205", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/9f7150d0b02e72d1154721a412e80cf797f1b7cfa295fcefc67b1381@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15415) CVE-2019-0205 (Apache Thrift all versions up to and including 0.12.0 vulnerable) of severity 7.5", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08@%3Cdev.hive.apache.org%3E", "name": "[hive-dev] 20200116 [jira] [Created] (HIVE-22738) CVE-2019-0205", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d@%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20200116 [jira] [Updated] (HIVE-22738) CVE-2019-0205", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r0d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20200124 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20200124 [jira] [Created] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20200125 [jira] [Comment Edited] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20200125 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20200127 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rba61c1f3a3b1960a6a694775b1a437751eba0825f30188f69387fe90@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20200208 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r1b1a92c229ead94d53b3bcde9e624d002b54f1c6fdb830b9f4da20e1@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20200208 [jira] [Comment Edited] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a@%3Ccommits.thrift.apache.org%3E", "name": "[thrift-commits] 20200208 [thrift] 01/01: THRIFT-5075: Backport changes for CVE-2019-0205 to 0.9.3.1 branch", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0804", "name": "RHSA-2020:0804", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0805", "name": "RHSA-2020:0805", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0811", "name": "RHSA-2020:0811", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0806", "name": "RHSA-2020:0806", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rce0d368a78b42c545f26c2e6e91e2b8a91b27b60d0cb45fe1911d337@%3Cnotifications.thrift.apache.org%3E", "name": "[thrift-notifications] 20200813 [GitHub] [thrift] kevinsookocheff-wf commented on pull request #1993: THRIFT-5075: Backport changes for CVE-2019-0205 to 0.9.3.1 branch", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210 and CVE-2019-0205", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/re387dc6ca11cb0b0ce4de8e800bb91ca50fee054b80105f5cd34adcb@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20210204 [jira] [Updated] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift:", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r569b2b3da41ff45bfacfca6787a4a8728edd556e185b69b140181d9d@%3Cdev.thrift.apache.org%3E", "name": "[thrift-dev] 20210204 [jira] [Updated] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210415 [jira] [Updated] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r67a704213d13326771f46c84bbd84c8281bb93946e155e0e40abcb4c@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210415 [jira] [Commented] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://security.gentoo.org/glsa/202107-32", "name": "GLSA-202107-32", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "name": "N/A", "tags": ["Patch", "Third Party Advisory"], "refsource": "N/A"}, {"url": "https://lists.apache.org/thread.html/r0c606d4be9aa163d132edf8edd8eb55e7b9464063b99acbbf6e9e287@%3Cissues.hive.apache.org%3E", "name": "[hive-issues] 20210915 [jira] [Resolved] (HIVE-22738) CVE-2019-0205", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rb139fa1d2714822d8c6e6f3bd6f5d5c91844d313201185c409288fd9@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210924 [jira] [Assigned] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r934f312dd5add7276ac2de684d8b237554ff9f34479a812df5fd6aee@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r7859e767c90c8f4971dec50f801372aa64e88f143c3e8a265a36f9b4@%3Cuser.cassandra.apache.org%3E", "name": "[cassandra-user] 20211004 Vulnerability in libthrift library (CVE-2019-0205)", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625@%3Cuser.cassandra.apache.org%3E", "name": "[cassandra-user] 20211004 Re: Vulnerability in libthrift library (CVE-2019-0205)", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r53c03e1c979b9c628d0d65e0f49dd9a9f9d7572838727ad11b750575@%3Cuser.cassandra.apache.org%3E", "name": "[cassandra-user] 20211005 Re: Vulnerability in libthrift library (CVE-2019-0205)", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-835"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-0205", "ASSIGNER": "security@apache.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2019-10-29T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.12.0"}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-04-18T15:45Z"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-0205

7.5^/10

7.8^/10

Attach tags to `CVE-2019-0205`