
Search CVE reports



1 – 10 of 11 results


CVE-2020-13949

Low priority
Needs evaluation

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

1 affected package

thrift

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
thrift | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release

CVE-2019-11939

Low priority
Needs evaluation

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory...

1 affected package

thrift

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
thrift | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release

CVE-2019-0210

Medium priority
Ignored

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.

1 affected package

thrift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
thrift Not affected Not in release Not in release

CVE-2019-0205

Medium priority
Ignored

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the...

1 affected package

thrift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
thrift Not affected Not in release Not in release

CVE-2019-3565

Medium priority
Needs evaluation

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long...

3 affected packages

hhvm, reminders-app, thrift

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
hhvm | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation
reminders-app | Not in release | Not in release | Not in release | Not in release | Needs evaluation
thrift | Not affected | Not affected | Not affected | Not in release | Not in release

CVE-2019-3564

Medium priority
Needs evaluation

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to...

2 affected packages

golang-github-uber-go-tally, thrift

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
golang-github-uber-go-tally | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release
thrift | Not affected | Not affected | Not affected | Not in release | Not in release

CVE-2019-3559

Medium priority
Vulnerable

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to...

3 affected packages

hhvm, libthrift-java, thrift

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
hhvm | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation
libthrift-java | Not affected | Not affected | Not in release | Vulnerable | Vulnerable
thrift | Not affected | Not affected | Not affected | Not in release | Not in release

CVE-2018-1320

Medium priority
Fixed

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had...

1 affected package

libthrift-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libthrift-java Fixed Fixed

CVE-2018-11798

Low priority

Not in release

The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set web server's docroot path.

1 affected package

thrift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
thrift Not in release Not in release

CVE-2016-5397

Medium priority
Vulnerable

The Apache Thrift Go client library exposed the potential for command injection during code generation because it used an external formatting tool. Affected: Apache Thrift 0.9.3 and older. Fixed in Apache Thrift 0.10.0.

2 affected packages

thrift, thrift-compiler

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
thrift | Not affected | Not affected | Not affected | Not in release | Not in release
thrift-compiler | Not in release | Not in release | Not in release | Vulnerable | Vulnerable