CVE-2019-0205

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Thrift
Vendor: CVE Published:; 29 October 2019

Summary

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Affected Version(s)

Apache Thrift all versions up to and including 0.12.0

References

https://lists.apache.org/thread.html/928cae83d20d8d8196c2...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/a9669756befaeb0f8e08...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/3dfa054b89274c9109c2...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Nov 14, 2018

.