CVE-2019-3564 – github.com/facebook/fbthrift
Package
Manager: go
Name: github.com/facebook/fbthrift
Vulnerable Version: >=0 <0.31.1-0.20190225164308-c461c1bd1a3e
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0056 (percentile: 0.67296)
Details
Improper Input Validation and Excessive Iteration in Go Facebook Thrift

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.
Metadata
Created: 2022-02-15T01:57:18Z
Modified: 2021-11-03T14:59:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-x4rg-4545-4w7w/GHSA-x4rg-4545-4w7w.json
CWE IDs: ["CWE-20", "CWE-755", "CWE-834"]
Alternative ID: GHSA-x4rg-4545-4w7w
Finding: F184
Auto approve: 1