11 matches found
EUVD-2019-13189
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-3565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Legacy C++ Facebook Thrift servers using cpp instead of cpp2 would not error upon receiving messages with containers of fields of unknown type. As a result,...
Linux Distros Unpatched Vulnerability : CVE-2019-11939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients cou...
CVE-2019-3565
Legacy C++ Facebook Thrift servers using cpp instead of cpp2 would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service...
GO-2021-0082 Denial of service via malicious message size declaration in github.com/facebook/fbthrift
Thrift Servers preallocate memory for the declared size of messages before checking the actual size of the message. This allows a malicious user to send messages that declare that they are significantly larger than they actually are, allowing them to force the server to allocate significant amoun...
CVE-2019-3553
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Faceboo...
Design/Logic Flaw
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Faceboo...
CVE-2019-3564
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift...
UBUNTU-CVE-2019-3552
C++ Facebook Thrift servers using cpp2 would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects...
CVE-2019-3559
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thri...
UBUNTU-CVE-2019-3565
Legacy C++ Facebook Thrift servers using cpp instead of cpp2 would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service...