facebook/fbthrift

facebook/fbthrift

Releases494

Frequency1 week 1 day

Last Release 5 days ago

Stars2.69K

Facebook's branch of Apache Thrift, including a new C++ server.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-24028 ↗	Apr 14, 2021Wednesday, 14 April 2021, 00:15	9.8 CRITICAL	7.5 HIGH
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2019-11939 ↗	Mar 18, 2020Wednesday, 18 March 2020, 01:15	7.5 HIGH	5 MEDIUM
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.
CVE-2019-11938 ↗	Mar 10, 2020Tuesday, 10 March 2020, 21:15	7.5 HIGH	5 MEDIUM
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
CVE-2019-3553 ↗	Mar 10, 2020Tuesday, 10 March 2020, 21:15	7.5 HIGH	5 MEDIUM
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.
CVE-2019-3559 ↗	May 6, 2019Monday, 6 May 2019, 16:29	7.5 HIGH	5 MEDIUM
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
CVE-2019-3564 ↗	May 6, 2019Monday, 6 May 2019, 16:29	7.5 HIGH	5 MEDIUM
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.
CVE-2019-3565 ↗	May 6, 2019Monday, 6 May 2019, 16:29	7.5 HIGH	5 MEDIUM
Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00.
CVE-2019-3552 ↗	May 6, 2019Monday, 6 May 2019, 16:29	7.5 HIGH	5 MEDIUM
C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
CVE-2019-3558 ↗	May 6, 2019Monday, 6 May 2019, 16:29	7.5 HIGH	5 MEDIUM
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.