11 matches found
CVE-2026-41602
CVE-2026-41602: Integer Overflow or Wraparound in Apache Thrift Go TFramedTransport (uint32 overflow) affecting Thrift before 0.23.0. Affected component: Apache Thrift’s Go TFramedTransport implementation. Root cause: uint32 overflow/wraparound in framing transport handling. Impact: potential ove...
CVE-2026-43868
CVE-2026-43868 concerns a memory allocation with an excessive size value in Apache Thrift. Affected: Thrift versions prior to 0.23.0 (per initial description). Exploitation could cause high memory usage and denial of service; no in-wild exploit details provided. Remediation: upgrade to Apache Thr...
CVE-2026-41606
CVE-2026-41606 is an Uncontrolled Recursion vulnerability in Apache Thrift prior to 0.23.0. It is addressed by upgrading to 0.23.0 (as noted in multiple sources, including the openSUSE advisory for libthrift-0_23_0-0.23.0-1.1 on GA media). The CVSS b...
CVE-2026-41636
CVE-2026-41636 describes an Uncontrolled Recursion vulnerability in the Apache Thrift Node.js bindings. Affected software is Apache Thrift versions prior to 0.23.0. The issue is mitigated by upgrading to Thrift 0.23.0, which fixes the problem. The available documents do not specify exact affected...
CVE-2026-43869
The CVE-2026-43869 issue is an Improper Validation of Certificate with Host Mismatch in Apache Thrift, arising from hostname verification in TSSLTransportFactory.java. Affected software: Apache Thrift before 0.23.0. Consequence: potential trust/bypass risks due to invalid host certificate checks....
CVE-2026-43870
Apache Thrift (before 0.23.0) contains multiple issues: Origin Validation Error, Path Traversal (improper limitation of a pathname to a restricted directory), HTTP header CRLF-related splitting, and uncontrolled resource consumption. Upgrade to 0.23.0 to fix. Exploitation status is not provided i...
CVE-2026-41604
The CVE-2026-41604 entry concerns an Out-of-bounds Read vulnerability in Apache Thrift, affecting versions prior to 0.23.0. The vulnerability is characterized by its impact on confidentiality and availability (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) with a HIGH base score (8.2). Affected ...
CVE-2026-41605
CVE-2026-41605 is an Integer Overflow or Wraparound vulnerability in Apache Thrift affecting versions before 0.23.0. Public descriptions consistently recommend upgrading to 0.23.0 to fix the issue. Connected sources confirm the vendor/product and the upgrade path; no exploit details or active ve...
CVE-2026-41607
CVE-2026-41607: The connected documents confirm an out-of-bounds read vulnerability in Apache Thrift, affecting Thrift versions before 0.23.0. The mitigation is to upgrade to 0.23.0 or later, as specified in multiple sources. The vulnerability affects the Thrift implementation and is described c...
CVE-2025-48431
CVE-2025-48431 affects the Apache Thrift c_glib language bindings prior to 0.23.0. The issue is a Mismatched Memory Management Routines vulnerability that can cause a crash in a c_glib-based Thrift server via specially crafted requests, producing a fatal "+free(): invalid pointe...
CVE-2026-41603
CVE-2026-41603: This vulnerability is in Apache Thrift, specifically an improper validation of a certificate when the host name does not match during TLS. It affects Apache Thrift versions before 0.23.0. The recommended fix is to upgrade to version 0.23.0, which resolves the issue. The available sou...