// For flags

CVE-2019-3564

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

Los servidores Thrift de Go Facebook no emitirían errores al recibir mensajes con contenedores de campos de tipo desconocido. En consecuencia, los clientes maliciosos podrían enviar mensajes cortos, lo que llevaría mucho tiempo para que el servidor los analice, esto conllevaría a una Denegación de Servicio. Este problema afecta a Facebook Thrift antes de versión 2019.03.04.00.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-02 CVE Reserved
  • 2019-05-06 CVE Published
  • 2024-08-04 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-755: Improper Handling of Exceptional Conditions
  • CWE-834: Excessive Iteration
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Facebook
Search vendor "Facebook"
 Thrift
Search vendor "Facebook" for product "Thrift"
 < 2019.03.04.00
Search vendor "Facebook" for product "Thrift" and version " < 2019.03.04.00"
-
Affected