CVE-2019-0205

🗓️ 28 Oct 2019 22:32:27Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 420 Views

Apache Thrift 0.12.0 and prior versions may lead to endless loop due to specific input data

Reporter	Title	Published	Views	Family All 95
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Thrift	2 May 202322:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec (CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835)	22 Mar 202317:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator	28 Aug 202308:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	27 Apr 202310:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability of Apache Thrift (libthrift-0.12.0.jar ) have affected APM WebSphere Application Server Agent , APM SAP NetWeaver Agent and APM WebLogic Agent	14 Jul 202313:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities CVE-2019-12410, CVE-2019-12408 in arrow package	20 Dec 201908:47	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.	15 Dec 202209:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulenerabilities CVE-2019-0205, CVE-2019-0210 in thrift package	20 Dec 201908:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics	18 Oct 202213:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift	20 Jun 202216:01	–	ibm

NVD

Vulners

Node

apache thriftRange≤0.12.0

Node

redhat jboss_enterprise_application_platformMatch7.2.0

AND

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_serverMatch8.0

Node

oracle communications_cloud_native_core_network_slice_selection_functionMatch1.2.1

[
  {
    "product": "Apache Thrift",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "all versions up to and including 0.12.0"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2020:0805
access	www.access.redhat.com/errata/RHSA-2020:0804
lists	www.lists.apache.org/thread.html/3dfa054b89274c9109c26ed1843ca15a14c03786f4016d26773878ae%40%3Cdev.thrift.apache.org%3E
lists	www.lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd%40%3Cdev.thrift.apache.org%3E
lists	www.lists.apache.org/thread.html/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625%40%3Cuser.cassandra.apache.org%3E
lists	www.lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce%40%3Cdev.thrift.apache.org%3E
lists	www.lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E
lists	www.lists.apache.org/thread.html/r7859e767c90c8f4971dec50f801372aa64e88f143c3e8a265a36f9b4%40%3Cuser.cassandra.apache.org%3E
lists	www.lists.apache.org/thread.html/9f7150d0b02e72d1154721a412e80cf797f1b7cfa295fcefc67b1381%40%3Ccommits.cassandra.apache.org%3E

21 Nov 2024 04:16Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.5

CVSS 27.8

EPSS0.00718

CWE-835