CVE-2019-11938
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
Los servidores de Java Facebook Thrift no se equivocarían tras recibir mensajes que declaran contenedores de tamaños más grandes que la carga útil. Como resultado, los clientes maliciosos podrían enviar mensajes cortos que resultarían en una asignación de memoria considerable, conllevando potencialmente a una denegación de servicio. Este problema afecta a Facebook Thrift versiones anteriores a v2019.12.09.00.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-05-13 CVE Reserved
- 2020-03-10 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.facebook.com/security/advisories/cve-2019-11938 | 2020-03-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Facebook Search vendor "Facebook" | Thrift Search vendor "Facebook" for product "Thrift" | < 2019.12.09.00 Search vendor "Facebook" for product "Thrift" and version " < 2019.12.09.00" | - |
Affected
|