BIT-THRIFT-2026-41604 Apache Thrift: Swift Range crash in skip()

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to uncontrolled recursion in the skip function. An attacker can cause a stack overflow and potentially crash the application by sending specially crafted input that triggers deep recursion. Remediation Upgrade...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the skip function. An attacker can cause a crash or read unintended memory by providing specially crafted input that triggers an out-of-bounds access. Remediation Upgrade thrift to version 0.23.0 or higher...

CVE-2026-41604 Apache Thrift: Swift Range crash in skip()

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

SUSE CVE-2015-3254

The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service infinite recursion via vectors involving the skip function...

thrift: Infinite recursion via vectors involving the skip function

A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service DoS condition...

thrift: Infinite recursion via vectors involving the skip function

A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service DoS condition...

Apache Thrift Client Library Denial of Service Vulnerability

Apache Thrift is an interface definition language and binary communication protocol for defining and creating services for multiple languages. The Apache Thrift client inventory is vulnerable to a denial of service. A remote authenticated user can cause a denial of service infinite recursion via ...

CVE-2015-3254

Removed by vendor...

PT-2017-6654 · Apache +1 · Apache Thrift +1

Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.9.3 Description: The issue allows remote authenticated users to cause a denial of service, specifically through infinite recursion, by exploiting vectors related to the skip function. Recommendations: For...