oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2019-0210: Apache Thrift: out-of-bounds read vulnerability

From: "Jens Geyer" <jensg () apache org>
Date: Thu, 17 Oct 2019 00:46:17 +0200
CVE-2019-0210: Apache Thrift out-of-bounds read vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Thrift 0.9.3 to 0.12.0

Description:
A server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

Mitigation:
Upgrade to version 0.13.0 

Credit:
This issue was reported by Alexandre Fiori of Facebook.

On behalf of the Apache Thrift PMC,
Jens Geyer
Previous By Date Next
Previous By Thread Next

Current thread: