oss-sec mailing list archives
CVE-2019-0205: Apache Thrift: potential DoS when processing untrusted Thrift payload
From: Jens Geyer <jensgeyer () hotmail com>
Date: Wed, 16 Oct 2019 22:46:15 +0000
CVE-2019-0205: potential DoS when processing untrusted Thrift payloads

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Thrift up to and including 0.12.0

Description: A server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed by THRIFT-4024 in version 0.11.0, depending on the installed version it affects only certain language bindings.

Mitigation: Upgrade to version 0.13.0

Credit: This issue was discovered by Hasnain Lakhani of Facebook.

On behalf of the Apache Thrift PMC,
Jens Geyer