
exploitDog


CVE-2019-0205

Published: 17 Oct 2019
Source: redhat
CVSS3: 5.9
EPSS: Low

Description

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Report

Red Hat OpenStack Platform ships OpenDaylight, which contains a vulnerable version of libthrift. However, OpenDaylight does not expose libthrift in a vulnerable way, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. The thrift package in OpenShift Container Platform is installed only in Curator images in the Logging stack. The affected code is included in this package, but its functionality is not used. This vulnerability is therefore rated Low for OpenShift Container Platform.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| OpenShift Service Mesh 1 | jaeger | Affected | | |
| Red Hat JBoss Data Virtualization 6 | libthrift | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | jaeger-thrift | Not affected | | |
| Red Hat JBoss Fuse 6 | libthrift | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | thrift | Out of support scope | | |
| Red Hat JBoss Operations Network 3 | libthrift | Out of support scope | | |
| Red Hat OpenShift Application Runtimes | jaeger-thrift | Not affected | | |
| Red Hat OpenShift Application Runtimes | libthrift | Affected | | |
| Red Hat OpenShift Container Platform 3.10 | thrift | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.11 | thrift | Will not fix | | |


Additional information

Status: Moderate
Defect: CWE-400
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1764612 (thrift: Endless loop when feed with specific input data)

EPSS

Percentile: 71%
0.00698
Low

5.9 Medium

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 6 years ago

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

CVSS3: 7.5
nvd
almost 6 years ago

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

CVSS3: 7.5
msrc
about 1 year ago

No description available

CVSS3: 7.5
debian
almost 6 years ago

In Apache Thrift all versions up to and including 0.12.0, a server or ...

CVSS3: 7.5
github
more than 3 years ago

Loop with Unreachable Exit Condition in Apache Thrift
