CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-24028
https://notcve.org/view.php?id=CVE-2021-24028
13 Apr 2021 — An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. Una liberación no válida en la serialización basada en tablas de Thrift puede causar que la aplicación se bloquee o potencialmente resultar en una ejecución de código u otros efectos no deseados. Este problema afecta a Facebook Thrift versiones anteriores a v2021.02.22.00 • https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11939
https://notcve.org/view.php?id=CVE-2019-11939
18 Mar 2020 — Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. Los servidores de Golang Facebook Thrift, no se equivocarían tras recibir mensajes declarando contenedores de tamaños más grandes que la carga útil. Como resultado, unos clientes... • https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3553
https://notcve.org/view.php?id=CVE-2019-3553
10 Mar 2020 — C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. Los servidores de C ++ Facebook Thrift no se equivocarían tras recibir mensajes que declaran contenedores de tamaños más grandes que la carga útil. Como resultado, clientes malicios... • https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11938
https://notcve.org/view.php?id=CVE-2019-11938
10 Mar 2020 — Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. Los servidores de Java Facebook Thrift no se equivocarían tras recibir mensajes que declaran contenedores de tamaños más grandes que la carga útil. Como resultado, los clientes mal... • https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0205 – thrift: Endless loop when feed with specific input data
https://notcve.org/view.php?id=CVE-2019-0205
28 Oct 2019 — In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. En Apache Thrift, todas las versiones hasta 0.12.0 incluyéndola, un servidor o cliente pueden correr en un bucle sin fin cuando es alimentado con datos de entrada específicos. Debido a que el problema ya se había soluciona... • http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3552
https://notcve.org/view.php?id=CVE-2019-3552
06 May 2019 — C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. Los servidores C ++ Facebook Thrift (usando cpp2) no darían error al recibir mensajes con títulares de campos de tipo desconocido. Como resultado, los clientes maliciosos podr... • http://www.securityfocus.com/bid/108279 • CWE-755: Improper Handling of Exceptional Conditions CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3558
https://notcve.org/view.php?id=CVE-2019-3558
06 May 2019 — Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. Los servidores Python de Facebook Thrift no cometerían errores al recibir mensajes con titúlares de campos de tipo desconocido. Como resultado, los clientes maliciosos podrían enviar me... • http://www.securityfocus.com/bid/108274 • CWE-755: Improper Handling of Exceptional Conditions CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3559
https://notcve.org/view.php?id=CVE-2019-3559
06 May 2019 — Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. Los servidores Java Facebook Thrift no detectaban un error al recibir mensajes con campo de contenido de tipo desconocido. Como resultado, clientes maliciosos podrían enviar mensajes cort... • https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943 • CWE-755: Improper Handling of Exceptional Conditions CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3564
https://notcve.org/view.php?id=CVE-2019-3564
06 May 2019 — Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. Los servidores Thrift de Go Facebook no emitirían errores al recibir mensajes con contenedores de campos de tipo desconocido. En consecuencia, los clientes maliciosos podrían enviar mensaje... • https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156 • CWE-755: Improper Handling of Exceptional Conditions CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2019-3565
https://notcve.org/view.php?id=CVE-2019-3565
06 May 2019 — Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00. Servidores legacy C++ Facebook Thrift (usando cpp en lugar de cpp2) no cometían errores al recibir mensajes con contenedores de tipo de campo desconocido... • http://www.securityfocus.com/bid/108280 • CWE-755: Improper Handling of Exceptional Conditions CWE-834: Excessive Iteration •