
exploitDog


CVE-2019-11939

Published: 18 Mar 2020
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.

A flaw was found in thrift. Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Distributed Tracing Jaeger 1 | jaeger | Not affected | | |
| OpenShift Service Mesh 1 | jaeger | Not affected | | |
| Red Hat Fuse 7 | camel-thrift | Not affected | | |
| Red Hat Fuse 7 | libthrift | Not affected | | |
| Red Hat JBoss Data Grid 7 | libthrift | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | libthrift | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | jaeger-thrift | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 7 | libthrift | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Continuous Delivery | libthrift | Not affected | | |
| Red Hat JBoss Fuse 6 | libthrift | Out of support scope | | |


Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1816346 thrift: Resource exhaustion via containers sizes messages

EPSS

Percentile: 69%
0.00615
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 6 years ago

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.

CVSS3: 7.5
nvd
almost 6 years ago

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.

CVSS3: 7.5
github
more than 3 years ago

Golang Facebook Thrift servers vulnerable to denial of service
