HIGH🇵🇱 Wersja polska

CVE-2019-3558

CVSS 7.5v3.1pub. 2019-05-06upd. 2024-11-21

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Facebook Thrift

    APP
    Facebook
    < 2019.02.18.00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSContainer
CWE
References

Related vulnerabilities

CVE-2021-24028CRITICAL9.8ten sam produkt

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result...

CVE-2019-11939HIGH7.5ten sam produkt

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger th...

CVE-2019-11938HIGH7.5ten sam produkt

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than...

CVE-2019-3553HIGH7.5ten sam produkt

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than ...

CVE-2019-3559HIGH7.5ten sam produkt

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type...