Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0cmctNDU0NS00dzd3

Improper Input Validation and Excessive Iteration in Go Facebook Thrift

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

Permalink: https://github.com/advisories/GHSA-x4rg-4545-4w7w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0cmctNDU0NS00dzd3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: about 1 year ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-x4rg-4545-4w7w, CVE-2019-3564
References: Repository: https://github.com/facebook/fbthrift
Blast Radius: 11.0

Affected Packages

go:github.com/facebook/fbthrift
Dependent packages: 53
Dependent repositories: 29
Downloads:
Affected Version Ranges: < 0.31.1-0.20190225164308-c461c1bd1a3e
Fixed in: 0.31.1-0.20190225164308-c461c1bd1a3e
All affected versions: 0.20.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0
All unaffected versions: