CVE Vulnerabilities

CVE-2019-3559

Improper Handling of Exceptional Conditions

Published: May 06, 2019 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Thrift Facebook * 2019.02.18.00 (excluding)
Hhvm Ubuntu bionic *
Hhvm Ubuntu xenial *
Libthrift-java Ubuntu bionic *
Libthrift-java Ubuntu cosmic *
Libthrift-java Ubuntu esm-apps/bionic *
Libthrift-java Ubuntu esm-apps/xenial *
Libthrift-java Ubuntu xenial *

References