CVE-2020-13949

Опубликовано: 12 фев. 2021

Источник: debian

EPSS Низкий

Описание

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
thrift	fixed	0.16.0-1	experimental	package
thrift	fixed	0.16.0-3		package
thrift	no-dsa		bullseye	package
thrift	no-dsa		buster	package

Примечания

https://seclists.org/oss-sec/2021/q1/140

EPSS

Процентиль: 74%

0.00819

Низкий

Связанные уязвимости

CVE-2020-13949

CVSS3: 7.5

ubuntu

почти 5 лет назад

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

CVE-2020-13949

CVSS3: 7.5

redhat

почти 5 лет назад

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

CVE-2020-13949

CVSS3: 7.5

nvd

почти 5 лет назад

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

GHSA-g2fg-mr77-6vrm

CVSS3: 7.5

github

почти 5 лет назад

Uncontrolled Resource Consumption in Apache Thrift

BDU:2021-02888

CVSS3: 7.5

fstec

больше 4 лет назад

Уязвимость библиотеки Apache Thrift прикладного программного обеспечения Аврора Центр, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 74%

0.00819

Низкий