Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3565 | 1 Facebook | 1 Thrift | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00. | |||||
CVE-2019-3564 | 1 Facebook | 1 Thrift | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. | |||||
CVE-2019-3558 | 1 Facebook | 1 Thrift | 2021-10-29 | 5.0 MEDIUM | 7.5 HIGH |
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | |||||
CVE-2019-3559 | 1 Facebook | 1 Thrift | 2021-10-29 | 5.0 MEDIUM | 7.5 HIGH |
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | |||||
CVE-2019-3552 | 1 Facebook | 1 Thrift | 2021-10-29 | 5.0 MEDIUM | 7.5 HIGH |
C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | |||||
CVE-2021-24028 | 1 Facebook | 1 Thrift | 2021-04-21 | 7.5 HIGH | 9.8 CRITICAL |
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | |||||
CVE-2019-11939 | 1 Facebook | 1 Thrift | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | |||||
CVE-2019-11938 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. | |||||
CVE-2019-3553 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. |