
10 matches found

OSV
added 2026/05/27 9:8 a.m., 6 views

OPENSUSE-SU-2026:20816-1 Security update for alloy

This update for alloy fixes the following issues:
- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262955.
- CVE-2026-41602: github.com/apache/thrift: TFramedTransport frame size headers can lead to a uint32 integer...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00073
Exploits: 0 | References: 4

OSV
added 2026/05/20 1:39 p.m., 3 views

ROOT-APP-MAVEN-CVE-2026-43869 CVE-2026-43869 in io.root.org.apache.thrift:libthrift - Patched by Root

Root has patched CVE-2026-43869 in the io.root.org.apache.thrift:libthrift package for Root:Maven. Multiple fixed versions available...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00045
Exploits: 0

OSV
added 2026/05/20 11:26 a.m., 2 views

ROOT-APP-GOBINARY-CVE-2026-41602 CVE-2026-41602 in rootio-github.com/apache/thrift - Patched by Root

Root has patched CVE-2026-41602 in the rootio-github.com/apache/thrift package for Root:Go. Multiple fixed versions available...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00073
Exploits: 0

OSV
added 2026/05/05 9:16 a.m., 0 views

UBUNTU-CVE-2026-43868

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00281
Exploits: 0 | References: 3

Snyk
added 2026/04/28 11:19 a.m., 1 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.thrift:libthrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to insufficient verificatio...

CVSS: 8.2 | AI score: 5.9 | EPSS: 0.00028
Exploits: 0 | References: 2

OSV
added 2026/04/28 10:16 a.m., 1 views

UBUNTU-CVE-2025-48431

Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash a cglib-based Thrift server...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00088
Exploits: 0 | References: 2

Snyk
added 2026/04/28 9:19 a.m., 2 views

Integer Overflow or Wraparound

Overview github.com/apache/thrift/lib/go/thrift is a Go implementation of the Apache Thrift library. Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the TFramedTransport function on 32-bit architectures. An attacker...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00073
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/28 12:0 a.m., 3 views

PT-2026-35685

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CVSS: 7.4 | AI score: 5.2 | EPSS: 0.00028
Exploits: 0 | References: 7

RedHat Linux
added 2021/12/14 9:31 p.m., 4 views

libthrift: potential DoS when processing untrusted payloads

A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00734
Exploits: 0 | References: 4

Packet Storm
added 2020/04/30 12:0 a.m., 84 views

VirtualTablet Server 3.0.2 Denial Of Service

Title: VirtualTablet Server 3.0.2 - Denial of Service PoC Author: Dolev Farhi Date: 2020-04-29 Vulnerable version: 3.0.2 14 Link: http://www.sunnysidesoft.com/ CVE: N/A from thrift import Thrift from thrift.transport import TSocket from thrift.transport import TTransport from thrift.protocol impo...

AI score: 7.4
Exploits: 0