Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2019-3564

UNKNOWN
Published 2019-05-06T15:15:02
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-3564. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Facebook

Facebook Thrift

Affected Versions:

v2019.03.04.00 unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Improper Input Validation and Excessive Iteration in Go Facebook Thrift

GHSA-x4rg-4545-4w7w

Advisory Details

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

Affected Packages

Go github.com/facebook/fbthrift
ECOSYSTEM: ≥0 <0.31.1-0.20190225164308-c461c1bd1a3e

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-3564
WEB https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
PACKAGE https://github.com/facebook/fbthrift
WEB https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
WEB https://pkg.go.dev/vuln/GO-2021-0088
WEB https://www.facebook.com/security/advisories/cve-2019-3564

Advisory provided by GitHub Security Advisory Database. Published: February 15, 2022, Modified: November 3, 2021

References

https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
https://www.facebook.com/security/advisories/cve-2019-3564
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
Published: 2019-05-06T15:15:02
Last Modified: 2024-08-04T19:12:09.508Z
Copied to clipboard!