Input Validation Flaw in Go Server Implementation in Apache Thrift
CVE-2019-0210

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Thrift
Vendor: CVE Published:; 29 October 2019

🔔 Create Apache Vulnerability Alert

What is CVE-2019-0210?

Apache Thrift versions 0.9.3 to 0.12.0 are susceptible to an input validation flaw. When a server implemented in Go utilizes TJSONProtocol or TSimpleJSONProtocol, it may experience a panic if it receives invalid input data. This condition can disrupt the normal functioning of the server and lead to potential service outages.

Affected Version(s)

Apache Thrift 0.9.3 to 0.12.0

References

https://access.redhat.com/errata/RHSA-2020:0806

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2020:0811

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2020:0804

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2019
Vulnerability Reserved
Nov 14, 2018

.