Posted to dev@thrift.apache.org by Jens Geyer <je...@hotmail.com> on 2019/10/16 22:46:15 UTC
Subject: [SECURITY] CVE-2019-0205 Announcement
CVE-2019-0205: potential DoS when processing untrusted Thrift payloads
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Thrift up to and including 0.12.0
Description:
A server or client may run into an endless loop when fed with specific input data.
Because the issue had already been partially fixed by THRIFT-4024 in version 0.11.0, depending on the installed version it affects only certain language bindings.
Mitigation:
Upgrade to version 0.13.0
Credit:
This issue was discovered by Hasnain Lakhani of Facebook.
On behalf of the Apache Thrift PMC,
Jens Geyer