25 matches found
libthrift-0_23_0-0.23.0-1.1 on GA media (moderate)
libthrift-0_23_0-0.23.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10685-1 Rating: moderate Cross-References: CVE-2026-41602 CVE-2026-41604 CVE-2026-41605 CVE-2026-41606 CVE-2026-41607 CVE-2026-41636 CVSS scores: CVE-2026-41602 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
ai.chronon:aggregator_2.11 (>=0.0.1 <=thread_contention-0.0.23-dev3), ai.chronon:aggregator_2.12 (>=0.0.6 <=thread_contention-0.0.23-dev3) +3543 more potentially affected by CVE-2026-43869 via org.apache.thrift:libthrift (>=0.10.0 <=0.22.0)
org.apache.thrift:libthrift MAVEN version =0.10.0, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.62, =0.0.1, =0.0.6, =0.0.1, =0.0.86, =0.0.86, =0.0.8, =0.0.6, =3.10.0.5, =3.10.3.6 and more Source cves: CVE-2026-43869 Source advisory: OSV:GHSA-7PWC-H2J2-RJGJ...
ai.chronon:aggregator_2.11 (>=0.0.1 <=thread_contention-0.0.23-dev3), ai.chronon:aggregator_2.12 (>=0.0.6 <=thread_contention-0.0.23-dev3) +6570 more potentially affected by CVE-2026-43869 via org.apache.thrift:libthrift (>=0.10.0 <=0.9.3)
org.apache.thrift:libthrift MAVEN version =0.10.0, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.62, =0.0.1, =0.0.6, =0.0.1, =0.0.86, =0.0.86, =0.0.86, =0.0.1, =local, =threadcontention-0.0.23-dev3 and more Source cves: CVE-2026-43869 Source advisory:...
OPENSUSE-SU-2026:10685-1 libthrift-0_23_0-0.23.0-1.1 on GA media
These are all security issues fixed in the libthrift-0_23_0-0.23.0-1.1 package on the GA media of openSUSE Tumbleweed...
libthrift: potential DoS when processing untrusted payloads
A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...
OPENSUSE-SU-2024:11459-1 libthrift-0_14_1-0.14.1-1.6 on GA media
These are all security issues fixed in the libthrift-0_14_1-0.14.1-1.6 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: Multiple vulnerabilities in libthrift affect IBM Application Performance Management products
Summary libthrift jar is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION: Apache Thrift could allow a remote attacker to bypass security restrictions, caused by the disablement of an assert used to determine if the SASL handshake had...
Security Bulletin: IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec (CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835)
Summary IBM Integration Bus is vulnerable to a remote attack & denial of service due to Apache Thrift & Apache Commons Codec CVE-2018-1320, CVE-2019-0205, IBM X-Force ID: 177835. The fixes include libthrift 0.17.0 & commons-codec version 1.15 Vulnerability Details CVEID:CVE-2018-1320 DESCRIPTION:...
Critical: Red Hat Security Advisory: Red Hat Fuse 7.10.0 release and security update
A minor version update from 7.9 to 7.10 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...
Denial Of Service (DoS)
libthrift is vulnerable to denial of service (DoS). A malicious user can pass a short message to the system to allocate more memory than it has, causing the system to run out of memory...
CVE-2020-13949
A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.3 (RHSA-2020:0962)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0962 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Securi...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.3.7 security update
A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 7 (RHSA-2020:0805)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0805 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 6 (RHSA-2020:0804)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0804 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.7 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 7 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 6 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.7 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...