HIGH🇵🇱 Wersja polska

CVE-2019-3553

CVSS 7.5v3.1pub. 2020-03-10upd. 2024-11-21

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Facebook Thrift

    APP
    Facebook
    < 2020.02.03.00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSContainer
CWE
References

Related vulnerabilities

CVE-2021-24028CRITICAL9.8ten sam produkt

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result...

CVE-2019-11939HIGH7.5ten sam produkt

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger th...

CVE-2019-11938HIGH7.5ten sam produkt

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than...

CVE-2019-3558HIGH7.5ten sam produkt

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown ty...

CVE-2019-3559HIGH7.5ten sam produkt

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type...