CVE-2019-3565
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00.
Servidores legacy C++ Facebook Thrift (usando cpp en lugar de cpp2) no cometían errores al recibir mensajes con contenedores de tipo de campo desconocidos. Como resultado, los clientes maliciosos podían enviar mensajes cortos los cuales tomarían un largo periodo de análisis al servidor,esto podría llevar a una denegación de servicio. Este fallo afecta a Facebook Thrift versiones anteriores a v2019.05.06.00.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-02 CVE Reserved
- 2019-05-06 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-755: Improper Handling of Exceptional Conditions
- CWE-834: Excessive Iteration
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/108280 | Third Party Advisory | |
| https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2019-3565 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Facebook Search vendor "Facebook" | Thrift Search vendor "Facebook" for product "Thrift" | < 2019.05.06.00 Search vendor "Facebook" for product "Thrift" and version " < 2019.05.06.00" | - |
Affected
| ||||||