DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2019-11939

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-11939

Severity

7.5

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2019-11939
  • https://github.com/advisories/GHSA-w3r9-r9w7-8h48
  • https://pkg.go.dev/vuln/GO-2021-0082
  • https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
  • https://www.facebook.com/security/advisories/cve-2019-11939

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal