
List:       oss-security
Subject:    [oss-security] CVE-2019-0210: Apache Thrift: out-of-bounds read vulnerability
From:       "Jens Geyer" <jensg () apache ! org>
Date:       2019-10-16 22:46:17
Message-ID: 277A46CA87494176B1BBCF5D72624A2A () HAGGIS


CVE-2019-0210: Apache Thrift out-of-bounds read vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Thrift 0.9.3 to 0.12.0

Description:
A server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.

Mitigation:
Upgrade to version 0.13.0 

Credit:
This issue was reported by Alexandre Fiori of Facebook.

On behalf of the Apache Thrift PMC,
Jens Geyer

