4 matches found
CVE-2026-41602
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service...
CVE-2017-5652
During a routine security analysis, it was found that one of the ports in Apache Impala incubating 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...
Design/Logic Flaw
During a routine security analysis, it was found that one of the ports in Apache Impala incubating 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift...
CVE-2017-5652
The CVE-2017-5652 entry concerns Apache Impala (incubating) versions 2.7.0–2.8.0 where one port used by the StatestoreSubscriber did not employ the secure Thrift transport when TLS was enabled. This allowed an attacker with network access to eavesdrop on plaintext data traversing that port, const...