All the vulnerabilities related to Facebook - Facebook Thrift
cve-2019-3552
Vulnerability from cvelistv5
Published
2019-05-06 15:15
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b | x_refsource_MISC | |
http://www.securityfocus.com/bid/108279 | vdb-entry, x_refsource_BID | |
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
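Facebook | Facebook Thrift | Affected: versions before v2019.02.18.00. The CNA container also lists v2019.02.18.00 itself as "affected", but the summary says only earlier versions are affected and the legacy v4 record gives that version the operator "!=>", so this entry is probably a conversion artifact and v2019.02.18.00 is the fixed release. | |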
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:12:09.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b" }, { "name": "108279", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108279" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "status": "affected", "version": "v2019.02.18.00" }, { "lessThan": "v2019.02.18.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2019-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-834", "description": "Excessive Iteration (CWE-834)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-16T05:06:21", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b" }, { "name": "108279", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108279" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-02-15", "ID": "CVE-2019-3552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "!=\u003e", "version_value": "v2019.02.18.00" }, { "version_affected": "\u003c", "version_value": "v2019.02.18.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Excessive Iteration (CWE-834)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b" }, { "name": "108279", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108279" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3552", "datePublished": "2019-05-06T15:15:02", "dateReserved": "2019-01-02T00:00:00", "dateUpdated": "2024-08-04T19:12:09.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45773
Vulnerability from cvelistv5
Published
2024-09-27 13:49
Modified
2024-09-27 14:30
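Severity: 7.5 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H; scored by CISA-ADP, not by the CNA)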
EPSS score ?
Summary
A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.
References
▼ | URL | Tags |
---|---|---|
https://www.facebook.com/security/advisories/cve-2024-45773 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
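Facebook | Facebook Thrift | Affected: v0.0.0.0 ≤ version < v2024.09.09.00 (CNA container). The CISA-ADP container in the record below instead lists 2024.09.09.00 up to, but not including, 2024.09.23.00 as affected, which disagrees with the summary's "prior to v2024.09.09.00"; confirm the fixed version against the vendor advisory before relying on either range. | |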
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thrift", "vendor": "facebook", "versions": [ { "lessThan": "2024.09.23.00", "status": "affected", "version": "2024.09.09.00", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-45773", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-27T14:29:20.510356Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-27T14:30:23.721Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "lessThan": "v2024.09.09.00", "status": "affected", "version": "v0.0.0.0", "versionType": "semver" } ] } ], "dateAssigned": "2024-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Use After Free (CWE-416)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T13:49:54.031Z", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.facebook.com/security/advisories/cve-2024-45773" } ] } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2024-45773", "datePublished": "2024-09-27T13:49:54.031Z", "dateReserved": "2024-09-07T13:20:18.820Z", "dateUpdated": "2024-09-27T14:30:23.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11938
Vulnerability from cvelistv5
Published
2020-03-10 20:30
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030 | x_refsource_MISC | |
https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3 | x_refsource_MISC | |
https://www.facebook.com/security/advisories/cve-2019-11938 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
Facebook | Facebook Thrift | Affected: versions before v2019.12.09.00. Unaffected (patched): v2019.12.09.00 and later. | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:10:29.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.facebook.com/security/advisories/cve-2019-11938" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "lessThan": "unspecified", "status": "unaffected", "version": "v2019.12.09.00", "versionType": "custom" }, { "lessThan": "v2019.12.09.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2019-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling (CWE-770)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-10T20:30:20", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.facebook.com/security/advisories/cve-2019-11938" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-02-14", "ID": "CVE-2019-11938", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "!\u003e=", "version_value": "v2019.12.09.00" }, { "version_affected": "\u003c", "version_value": "v2019.12.09.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allocation of Resources Without Limits or Throttling (CWE-770)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030" }, { "name": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3" }, { "name": "https://www.facebook.com/security/advisories/cve-2019-11938", "refsource": "CONFIRM", "url": "https://www.facebook.com/security/advisories/cve-2019-11938" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-11938", "datePublished": "2020-03-10T20:30:20", "dateReserved": "2019-05-13T00:00:00", "dateUpdated": "2024-08-04T23:10:29.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3553
Vulnerability from cvelistv5
Published
2020-03-10 20:30
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351 | x_refsource_MISC | |
https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6 | x_refsource_MISC | |
https://www.facebook.com/security/advisories/cve-2019-3553 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
Facebook | Facebook Thrift | Affected: versions before v2020.02.03.00. Unaffected (patched): v2020.02.03.00 and later. | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:12:09.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3553" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "lessThan": "unspecified", "status": "unaffected", "version": "v2020.02.03.00", "versionType": "custom" }, { "lessThan": "v2020.02.03.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2019-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling (CWE-770)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-10T20:30:21", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3553" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-02-14", "ID": "CVE-2019-3553", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "!\u003e=", "version_value": "v2020.02.03.00" }, { "version_affected": "\u003c", "version_value": "v2020.02.03.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allocation of Resources Without Limits or Throttling (CWE-770)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351" }, { "name": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6" }, { "name": "https://www.facebook.com/security/advisories/cve-2019-3553", "refsource": "CONFIRM", "url": "https://www.facebook.com/security/advisories/cve-2019-3553" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3553", "datePublished": "2020-03-10T20:30:21", "dateReserved": "2019-01-02T00:00:00", "dateUpdated": "2024-08-04T19:12:09.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3565
Vulnerability from cvelistv5
Published
2019-05-06 15:15
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64 | x_refsource_MISC | |
https://www.facebook.com/security/advisories/cve-2019-3565 | x_refsource_MISC | |
http://www.securityfocus.com/bid/108280 | vdb-entry, x_refsource_BID | |
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
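Facebook | Facebook Thrift | Affected: versions before v2019.05.06.00. The CNA container also lists v2019.05.06.00 itself as "affected", but the summary says only earlier versions are affected and the legacy v4 record gives that version the operator "!=>", so this entry is probably a conversion artifact and v2019.05.06.00 is the fixed release. | |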
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:12:09.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3565" }, { "name": "108280", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108280" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "status": "affected", "version": "v2019.05.06.00" }, { "lessThan": "v2019.05.06.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2019-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-834", "description": "Excessive Iteration (CWE-834)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-16T05:06:31", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3565" }, { "name": "108280", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108280" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-05-02", "ID": "CVE-2019-3565", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "!=\u003e", "version_value": "v2019.05.06.00" }, { "version_affected": "\u003c", "version_value": "v2019.05.06.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Excessive Iteration (CWE-834)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64" }, { "name": "https://www.facebook.com/security/advisories/cve-2019-3565", "refsource": "MISC", "url": "https://www.facebook.com/security/advisories/cve-2019-3565" }, { "name": "108280", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108280" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3565", "datePublished": "2019-05-06T15:15:02", "dateReserved": "2019-01-02T00:00:00", "dateUpdated": "2024-08-04T19:12:09.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3564
Vulnerability from cvelistv5
Published
2019-05-06 15:15
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156 | x_refsource_MISC | |
https://www.facebook.com/security/advisories/cve-2019-3564 | x_refsource_MISC | |
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
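Facebook | Facebook Thrift | Affected: versions before v2019.03.04.00. The CNA container also lists v2019.03.04.00 itself as "affected", but the summary says only earlier versions are affected and the legacy v4 record gives that version the operator "!=>", so this entry is probably a conversion artifact and v2019.03.04.00 is the fixed release. | |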
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:12:09.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3564" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "status": "affected", "version": "v2019.03.04.00" }, { "lessThan": "v2019.03.04.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2019-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-834", "description": "Excessive Iteration (CWE-834)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-16T05:06:24", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3564" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-02-25", "ID": "CVE-2019-3564", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "!=\u003e", "version_value": "v2019.03.04.00" }, { "version_affected": "\u003c", "version_value": "v2019.03.04.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Excessive Iteration (CWE-834)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156" }, { "name": "https://www.facebook.com/security/advisories/cve-2019-3564", "refsource": "MISC", "url": "https://www.facebook.com/security/advisories/cve-2019-3564" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3564", "datePublished": "2019-05-06T15:15:02", "dateReserved": "2019-01-02T00:00:00", "dateUpdated": "2024-08-04T19:12:09.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3558
Vulnerability from cvelistv5
Published
2019-05-06 15:15
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b | x_refsource_MISC | |
https://www.facebook.com/security/advisories/cve-2019-3558 | x_refsource_MISC | |
http://www.securityfocus.com/bid/108274 | vdb-entry, x_refsource_BID | |
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
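Facebook | Facebook Thrift | Affected: versions before v2019.02.18.00. The CNA container also lists v2019.02.18.00 itself as "affected", but the summary says only earlier versions are affected and the legacy v4 record gives that version the operator "!=>", so this entry is probably a conversion artifact and v2019.02.18.00 is the fixed release. | |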
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:12:09.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3558" }, { "name": "108274", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108274" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "status": "affected", "version": "v2019.02.18.00" }, { "lessThan": "v2019.02.18.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2019-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-834", "description": "Excessive Iteration (CWE-834)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-16T05:06:08", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3558" }, { "name": "108274", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108274" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-02-15", "ID": "CVE-2019-3558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "!=\u003e", "version_value": "v2019.02.18.00" }, { "version_affected": "\u003c", "version_value": "v2019.02.18.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Excessive Iteration (CWE-834)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b" }, { "name": "https://www.facebook.com/security/advisories/cve-2019-3558", "refsource": "MISC", "url": "https://www.facebook.com/security/advisories/cve-2019-3558" }, { "name": "108274", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108274" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3558", "datePublished": "2019-05-06T15:15:02", "dateReserved": "2019-01-02T00:00:00", "dateUpdated": "2024-08-04T19:12:09.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45863
Vulnerability from cvelistv5
Published
2024-09-27 13:50
Modified
2024-09-27 14:29
Severity ?
EPSS score ?
Summary
A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00.
References
▼ | URL | Tags |
---|---|---|
https://www.facebook.com/security/advisories/cve-2024-45863 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Facebook Thrift |
Version: v2024.09.09.00 ≤ version < v2024.09.23.00 |
|
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thrift", "vendor": "facebook", "versions": [ { "lessThan": "2024.09.23.00", "status": "affected", "version": "2024.09.09.00", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-45863", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-27T14:28:57.801474Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-27T14:29:01.158Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "lessThan": "v2024.09.23.00", "status": "affected", "version": "v2024.09.09.00", "versionType": "semver" } ] } ], "dateAssigned": "2024-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00." 
} ], "problemTypes": [ { "descriptions": [ { "description": "NULL Pointer Dereference (CWE-476)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-27T13:50:29.254Z", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.facebook.com/security/advisories/cve-2024-45863" } ] } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2024-45863", "datePublished": "2024-09-27T13:50:29.254Z", "dateReserved": "2024-09-10T18:21:24.359Z", "dateUpdated": "2024-09-27T14:29:01.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11939
Vulnerability from cvelistv5
Published
2020-03-18 00:40
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757 | x_refsource_MISC | |
https://www.facebook.com/security/advisories/cve-2019-11939 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Facebook Thrift |
Patch: v2020.03.16.00 Version: unspecified < v2020.03.16.00 |
|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:10:29.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.facebook.com/security/advisories/cve-2019-11939" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "lessThan": "unspecified", "status": "unaffected", "version": "v2020.03.16.00", "versionType": "custom" }, { "lessThan": "v2020.03.16.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2019-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling (CWE-770)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-18T00:40:12", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.facebook.com/security/advisories/cve-2019-11939" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-02-14", "ID": "CVE-2019-11939", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "!\u003e=", "version_value": "v2020.03.16.00" }, { "version_affected": "\u003c", "version_value": "v2020.03.16.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Allocation of Resources Without Limits or Throttling (CWE-770)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757" }, { "name": "https://www.facebook.com/security/advisories/cve-2019-11939", "refsource": "CONFIRM", "url": "https://www.facebook.com/security/advisories/cve-2019-11939" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-11939", "datePublished": "2020-03-18T00:40:12", "dateReserved": "2019-05-13T00:00:00", "dateUpdated": "2024-08-04T23:10:29.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3559
Vulnerability from cvelistv5
Published
2019-05-06 15:15
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943 | x_refsource_MISC | |
https://www.facebook.com/security/advisories/cve-2019-3559 | x_refsource_MISC | |
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Facebook Thrift |
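Version: v2019.02.18.00 Version: unspecified < v2019.02.18.00 (note: the summary says the issue affects releases prior to v2019.02.18.00, and the legacy v4 record marks v2019.02.18.00 with the operator `!=>`, which suggests v2019.02.18.00 is the first fixed release rather than an affected one; confirm against the referenced fix commit before relying on the "affected" status) |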
|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:12:09.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3559" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "status": "affected", "version": "v2019.02.18.00" }, { "lessThan": "v2019.02.18.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "dateAssigned": "2019-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-834", "description": "Excessive Iteration (CWE-834)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-16T05:06:28", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.facebook.com/security/advisories/cve-2019-3559" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-02-15", "ID": "CVE-2019-3559", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "!=\u003e", "version_value": "v2019.02.18.00" }, { "version_affected": "\u003c", "version_value": "v2019.02.18.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Excessive Iteration (CWE-834)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943" }, { "name": "https://www.facebook.com/security/advisories/cve-2019-3559", "refsource": "MISC", "url": "https://www.facebook.com/security/advisories/cve-2019-3559" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3559", "datePublished": "2019-05-06T15:15:02", "dateReserved": "2019-01-02T00:00:00", "dateUpdated": "2024-08-04T19:12:09.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-24028
Vulnerability from cvelistv5
Published
2021-04-13 23:20
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
References
▼ | URL | Tags |
---|---|---|
https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339 | x_refsource_CONFIRM | |
https://www.facebook.com/security/advisories/cve-2021-24028 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Facebook Thrift |
Version: unspecified < v2021.02.22.00 Patch: v2021.02.22.00 |
|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:21:17.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.facebook.com/security/advisories/cve-2021-24028" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Facebook Thrift", "vendor": "Facebook", "versions": [ { "lessThan": "v2021.02.22.00", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "unaffected", "version": "v2021.02.22.00", "versionType": "custom" } ] } ], "dateAssigned": "2021-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An invalid free in Thrift\u0027s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-763", "description": "CWE-763: Release of Invalid Pointer or Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-13T23:20:12", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.facebook.com/security/advisories/cve-2021-24028" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2021-04-13", "ID": "CVE-2021-24028", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Facebook Thrift", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "v2021.02.22.00" }, { "version_affected": "!\u003e=", "version_value": "v2021.02.22.00" } ] } } ] }, "vendor_name": "Facebook" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An invalid free in Thrift\u0027s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-763: Release of Invalid Pointer or Reference" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339", "refsource": "CONFIRM", "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339" }, { "name": "https://www.facebook.com/security/advisories/cve-2021-24028", "refsource": "CONFIRM", "url": "https://www.facebook.com/security/advisories/cve-2021-24028" } ] } } } }, "cveMetadata": { "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2021-24028", "datePublished": "2021-04-13T23:20:13", "dateReserved": "2021-01-13T00:00:00", "dateUpdated": "2024-08-03T19:21:17.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }