C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HFacebook Thrift
APPFacebook< 2020.02.03.00
Powiązane podatności
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result...
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger th...
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than...
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown ty...
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type...