CVE-2019-11938

2020-03-1020:30:20

CWE-770

facebook

www.cve.org

0.002 Low

EPSS

Percentile

56.6%

JSON

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.

CNA Affected

[
  {
    "product": "Facebook Thrift",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "v2019.12.09.00",
        "versionType": "custom"
      },
      {
        "lessThan": "v2019.12.09.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]