Fedora: Security Advisory (FEDORA-2023-acbee8f31a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : cachelib / fb303 / fbthrift / fizz / folly / mcrouter / mvfst / etc (2023-acbee8f31a)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-acbee8f31a advisory. Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 Tenable has extracted the preceding description block directly...

Fedora: Security Advisory for fbthrift (FEDORA-2023-7934802344)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for fbthrift (FEDORA-2023-2a9214af5f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for fbthrift (FEDORA-2023-17efd3f2cd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: fbthrift-2023.10.16.00-1.fc38

Thrift is a serialization and RPC framework for service communication. Thrift enables these features in all major languages, and there is strong support for C++, Python, Hack, and Java. Most services at Facebook are written using Thri ft for RPC, and some storage systems use Thrift for serializin...

Fedora 37 : cachelib / fb303 / fbthrift / fizz / folly / mcrouter / mvfst / etc (2023-2a9214af5f)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-2a9214af5f advisory. Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 Tenable has extracted the preceding description block directly...

Fedora 38 : cachelib / fb303 / fbthrift / fizz / folly / mcrouter / mvfst / etc (2023-17efd3f2cd)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-17efd3f2cd advisory. Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487 Tenable has extracted the preceding description block directly...

GO-2021-0088 Denial of service via ignored unknown fields in github.com/facebook/fbthrift

Skip ignores unknown fields, rather than failing. A malicious user can craft small messages with unknown fields which can take significant resources to parse. If a server accepts messages from an untrusted user, it may be used as a denial of service vector...

Denial Of Service (DoS)

github.com/facebook/fbthrift is vulnerable to denial of service DoS. The messages with containers of fields of unknown type are not handled properly and do not trigger an error, thereby allowing an attacker to send malicious short messages and consume resources to cause DoS attack...