thrift-dev mailing list archives

From "Jens Geyer" <je...@apache.org>
Subject Subject: [SECURITY] CVE-2019-0210 Announcement
Date Wed, 16 Oct 2019 22:46:17 GMT
CVE-2019-0210: Apache Thrift out-of-bounds read vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Thrift 0.9.3 to 0.12.0

Description:
A server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed
with invalid input data.

Mitigation:
Upgrade to version 0.13.0 

Credit:
This issue was reported by Alexandre Fiori of Facebook.

On behalf of the Apache Thrift PMC,
Jens Geyer
