CVE-2019-11938

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-11938

CGA ID

CGA-xqc8-8jj2-43mm

Severity

7.5

High

CVSS V3

Description

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.

References

https://images.chainguard.dev/security/CGA-xqc8-8jj2-43mm
https://github.com/advisories/GHSA-hr4p-8hm2-w85x
https://www.facebook.com/security/advisories/cve-2019-11938
https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030
https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2019-11938

Severity

Description

References

Affected packages

Product

Why Chainguard

Customers

Company

Resources