CVE Vulnerabilities

CVE-2019-3564

Improper Handling of Exceptional Conditions

Published: May 06, 2019 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Thrift Facebook * 2019.03.04.00 (excluding)
Golang-github-uber-go-tally Ubuntu kinetic *
Golang-github-uber-go-tally Ubuntu lunar *
Golang-github-uber-go-tally Ubuntu mantic *
Thrift Ubuntu upstream *

References