11 matches found

CVE
added 2026/04/28 9:19 a.m., 41 views

CVE-2026-41602

CVE-2026-41602: Integer Overflow or Wraparound in Apache Thrift Go TFramedTransport (uint32 overflow) affecting Thrift before 0.23.0. Affected component: Apache Thrift’s Go TFramedTransport implementation. Root cause: uint32 overflow/wraparound in framing transport handling. Impact: potential ove...

CVSS 7.5, AI score 5.2, EPSS 0.01163

CVE
added 2026/05/05 7:49 a.m., 27 views

CVE-2026-43868

CVE-2026-43868 concerns a memory allocation with an excessive size value in Apache Thrift. Affected: Thrift versions prior to 0.23.0 (per initial description). Exploitation could cause high memory usage and denial of service; no in-wild exploit details provided. Remediation: upgrade to Apache Thr...

CVSS 7.5, AI score 6.7, EPSS 0.00665

CVE
added 2026/04/28 9:21 a.m., 25 views

CVE-2026-41606

CVE-2026-41606 is an Uncontrolled Recursion vulnerability in Apache Thrift prior to 0.23.0. The issue affects Apache Thrift before 0.23.0 and is addressed by upgrading to 0.23.0 (as noted in multiple sources, including the openSUSE advisory for libthrift-0_23_0-0.23.0-1.1 on GA media). The CVSS b...

CVSS 7.5, AI score 5.2, EPSS 0.01144

CVE
added 2026/04/28 9:22 a.m., 23 views

CVE-2026-41636

CVE-2026-41636 describes an Uncontrolled Recursion vulnerability in the Apache Thrift Node.js bindings. Affected software is Apache Thrift versions prior to 0.23.0. The issue is mitigated by upgrading to Thrift 0.23.0, which fixes the problem. The available documents do not specify exact affected...

CVSS 8.7, AI score 5.2, EPSS 0.00469

CVE
added 2026/05/05 7:25 a.m., 21 views

CVE-2026-43869

The CVE-2026-43869 issue is an Improper Validation of Certificate with Host Mismatch in Apache Thrift, arising from hostname verification in TSSLTransportFactory.java. Affected software: Apache Thrift before 0.23.0. Consequence: potential trust/bypass risks due to invalid host certificate checks....

CVSS 7.3, AI score 5.8, EPSS 0.00632

CVE
added 2026/05/05 7:45 a.m., 17 views

CVE-2026-43870

Apache Thrift (before 0.23.0) contains multiple issues: Origin Validation Error, Path Traversal (improper limitation of a pathname to a restricted directory), HTTP header CRLF-related splitting, and uncontrolled resource consumption. Upgrade to 0.23.0 to fix. Exploitation status is not provided i...

CVSS 7.3, AI score 5.8, EPSS 0.00394

CVE
added 2026/04/28 9:20 a.m., 15 views

CVE-2026-41604

The CVE-2026-41604 entry concerns an Out-of-bounds Read vulnerability in Apache Thrift, affecting versions prior to 0.23.0. The vulnerability is characterized by its impact on confidentiality and availability (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) with a HIGH base score (8.2). Affected ...

CVSS 8.2, AI score 5.2, EPSS 0.00954

CVE
added 2026/04/28 9:20 a.m., 15 views

CVE-2026-41605

CVE-2026-41605 is an Integer Overflow or Wraparound vulnerability in Apache Thrift affecting versions before 0.23.0. Public descriptions consistently recommend upgrading to 0.23.0 to fix the issue. Connected sources confirm the vendor/product and the upgrade path; no exploit details or active ve...

CVSS 7.7, AI score 5.2, EPSS 0.00967

CVE
added 2026/04/28 9:21 a.m., 15 views

CVE-2026-41607

CVE-2026-41607: The connected documents confirm an out-of-bounds read vulnerability in Apache Thrift, affecting Thrift versions before 0.23.0. The mitigation is to upgrade to 0.23.0 or later, as specified in multiple sources. The vulnerability affects the Thrift implementation and is described c...

CVSS 9.1, AI score 5.2, EPSS 0.00967

CVE
added 2026/04/28 9:11 a.m., 14 views

CVE-2025-48431

CVE-2025-48431 affects the Apache Thrift c_glib language bindings prior to 0.23.0. The issue is a Mismatched Memory Management Routines vulnerability that can cause a crash in a c_glib-based Thrift server via specially crafted requests, producing a fatal "+free(): invalid pointe...

CVSS 7.5, AI score 5.3, EPSS 0.01051

CVE
added 2026/04/28 9:19 a.m., 14 views

CVE-2026-41603

CVE-2026-41603: This vulnerability is in Apache Thrift, specifically an improper validation of a certificate when the host name mismatches during TLS. It affects Apache Thrift versions before 0.23.0. The recommended fix is to upgrade to version 0.23.0, which resolves the issue. The available sou...

CVSS 8.2, AI score 5.2, EPSS 0.00593