Lucene search

K
fedoraFedoraFEDORA:C885220BA53A
HistoryOct 24, 2023 - 1:13 a.m.

[SECURITY] Fedora 37 Update: fbthrift-2023.10.16.00-1.fc37

2023-10-2401:13:17
lists.fedoraproject.org
12
fedora
update
facebook thrift
serialization
rpc
framework
service communication
languages
c++
python
hack
java
storage systems
distribution
internal branch
open source
community
compiler
asynchronous
server

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.7

Confidence

High

EPSS

0.708

Percentile

98.1%

Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thri ft for RPC, and some storage systems use Thrift for serializing records on disk. Facebook Thrift is not a distribution of Apache Thrift. This is an evolved internal branch of Thrift that Facebook re-released to open source community in February 2014. Facebook Thrift was originally released closely tracking Apache Thrift but is now evolving in new directions. In particular, the compiler was rewritten from scratch and the new implementation features a fully asynchrono us Thrift server.

OSVersionArchitecturePackageVersionFilename
Fedora37anyfbthrift< 2023.10.16.00UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.7

Confidence

High

EPSS

0.708

Percentile

98.1%