CVE-2019-0210

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Thrift
Vendor: CVE Published:; 29 October 2019

Summary

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

Affected Version(s)

Apache Thrift 0.9.3 to 0.12.0

References

https://access.redhat.com/errata/RHSA-2020:0806

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2020:0811

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2020:0804

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Nov 14, 2018

.