CVE-2019-3564

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-3564

Severity

7.5

High

CVSS V3

Description

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

References

https://images.chainguard.dev/security/CGA-j582-pw46-x4f4
https://github.com/advisories/GHSA-x4rg-4545-4w7w
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
https://www.facebook.com/security/advisories/cve-2019-3564

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2019-3564

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company