Thrift@* Security Vulnerabilities and Issues — Thrift@* CVE List

Lucene search

FacebookThrift*

9 matches found

CVE•added 2020/03/18 1:15 a.m.•91 views

CVE-2019-11939

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebo...

7.5CVSS7.2AI score0.00615EPSS

CVE•added 2020/03/10 9:15 p.m.•81 views

CVE-2019-11938

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook...

7.5CVSS7.3AI score0.00642EPSS

CVE•added 2021/04/14 12:15 a.m.•66 views

CVE-2021-24028

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

9.8CVSS9.7AI score0.01674EPSS

CVE•added 2020/03/10 9:15 p.m.•65 views

CVE-2019-3553

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook ...

7.5CVSS7.3AI score0.00642EPSS

CVE•added 2019/05/06 4:29 p.m.•62 views

CVE-2019-3558

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thri...

7.5CVSS7.3AI score0.00772EPSS

CVE•added 2019/05/06 4:29 p.m.•58 views

CVE-2019-3552

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Fac...

7.5CVSS7.3AI score0.004EPSS

CVE•added 2019/05/06 4:29 p.m.•51 views

CVE-2019-3564

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift p...

7.5CVSS7.2AI score0.0056EPSS

CVE•added 2019/05/06 4:29 p.m.•49 views

CVE-2019-3559

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift...

7.5CVSS7.4AI score0.0056EPSS

CVE•added 2019/05/06 4:29 p.m.•49 views

CVE-2019-3565

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. ...

7.5CVSS7.3AI score0.02127EPSS