CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24028
https://notcve.org/view.php?id=CVE-2021-24028
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. Una liberación no válida en la serialización basada en tablas de Thrift puede causar que la aplicación se bloquee o potencialmente resultar en una ejecución de código u otros efectos no deseados. Este problema afecta a Facebook Thrift versiones anteriores a v2021.02.22.00 • https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339 https://www.facebook.com/security/advisories/cve-2021-24028 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2020-13949 – libthrift: potential DoS when processing untrusted payloads
https://notcve.org/view.php?id=CVE-2020-13949
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. En Apache Thrift versiones 0.9.3 hasta 0.13.0, los clientes RPC maliciosos podrían enviar mensajes cortos que resultarían en una gran asignación de memoria, conllevando potencialmente a una denegación de servicio A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability. • https://lists.apache.org/thread.html/r01b34416677f1ba869525e1b891ac66fa6f88c024ee4d7cdea6b456b%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r02ba8db500d15a5949e9a7742815438002ba1cf1b361bdda52ed40ca%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r02f7771863383ae993eb83cdfb70c3cb65a355c913242c850f61f1b8%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r0372f0af2dad0b76fbd7a6cfdaad29d50384ad48dda475a5026ff9a3%40%3Cissues.hbase.apache.org%3E https://lists.apache.org/thread.html/r08a7bd19470ef8950d58cc9d9e7b02bc69c43f56c601989a7729cce5%4 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11939
https://notcve.org/view.php?id=CVE-2019-11939
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. Los servidores de Golang Facebook Thrift, no se equivocarían tras recibir mensajes declarando contenedores de tamaños más grandes que la carga útil. Como resultado, unos clientes maliciosos podrían enviar mensajes cortos que resultaría en una asignación de memoria considerable, conllevando potencialmente a una denegación de servicio. • https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757 https://www.facebook.com/security/advisories/cve-2019-11939 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3553
https://notcve.org/view.php?id=CVE-2019-3553
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. Los servidores de C ++ Facebook Thrift no se equivocarían tras recibir mensajes que declaran contenedores de tamaños más grandes que la carga útil. Como resultado, clientes maliciosos podrían enviar mensajes cortos que resultarían en una asignación de memoria considerable, conllevando potencialmente a una denegación de servicio. • https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6 https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351 https://www.facebook.com/security/advisories/cve-2019-3553 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11938
https://notcve.org/view.php?id=CVE-2019-11938
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. Los servidores de Java Facebook Thrift no se equivocarían tras recibir mensajes que declaran contenedores de tamaños más grandes que la carga útil. Como resultado, los clientes maliciosos podrían enviar mensajes cortos que resultarían en una asignación de memoria considerable, conllevando potencialmente a una denegación de servicio. • https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030 https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3 https://www.facebook.com/security/advisories/cve-2019-11938 • CWE-770: Allocation of Resources Without Limits or Throttling •