Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Improper Input Validation and Excessive Iteration in Go Facebook Thrift

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

Permalink: https://github.com/advisories/GHSA-x4rg-4545-4w7w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0cmctNDU0NS00dzd3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 8 months ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-x4rg-4545-4w7w, CVE-2019-3564
References: Repository: https://github.com/facebook/fbthrift
Blast Radius: 11.0

Affected Packages

go:github.com/facebook/fbthrift
Dependent packages: 53
Dependent repositories: 29
Downloads:
Affected Version Ranges: < 0.31.1-0.20190225164308-c461c1bd1a3e
Fixed in: 0.31.1-0.20190225164308-c461c1bd1a3e
All affected versions: 0.20.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.29.0, 0.30.0, 0.31.0
All unaffected versions: