CGA-j582-pw46-x4f4

Published

Last updated

https://images.chainguard.dev/security/CGA-j582-pw46-x4f4

Package

thrift

Latest Update

Not affected

Aliases

CVE-2019-3564
GHSA-x4rg-4545-4w7w

Severity

7.5

High

CVSS V3

Summary

Improper Input Validation and Excessive Iteration in Go Facebook Thrift

Description

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

References

https://nvd.nist.gov/vuln/detail/CVE-2019-3564
https://github.com/advisories/GHSA-x4rg-4545-4w7w
https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
https://github.com/facebook/fbthrift
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
https://pkg.go.dev/vuln/GO-2021-0088
https://www.facebook.com/security/advisories/cve-2019-3564

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-j582-pw46-x4f4

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources