Denial of Service Vulnerability in Facebook Thrift Servers
CVE-2019-3553
7.5 HIGH
What is CVE-2019-3553?
C++ implementations of Facebook Thrift servers do not return an error when they receive messages with container sizes larger than expected. A malicious client can exploit this by sending shorter messages that lead to excessive memory allocation on the server, which could result in denial of service. The issue affects versions of Facebook Thrift prior to v2020.02.03.00.
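The class of check whose absence is described above, as an added example that is not Facebook Thrift's code or its actual fix: a decoder rejects a declared container size that cannot fit in the bytes actually received, before it allocates anything. The wire format (a 4-byte big-endian count followed by 4-byte elements), the function names and the sample messages are assumptions constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical wire format (not Thrift's): 4-byte big-endian element count,
// followed by that many 4-byte big-endian integers.
constexpr std::size_t kHeader = 4;
constexpr std::size_t kElemSize = 4;

static std::uint32_t read_be32(const std::uint8_t* p) {
    return (static_cast<std::uint32_t>(p[0]) << 24) |
           (static_cast<std::uint32_t>(p[1]) << 16) |
           (static_cast<std::uint32_t>(p[2]) << 8) |
            static_cast<std::uint32_t>(p[3]);
}

// Decodes the list into `out`. Returns false (an error) on a malformed message.
bool read_i32_list(const std::vector<std::uint8_t>& msg,
                   std::vector<std::uint32_t>& out) {
    out.clear();
    if (msg.size() < kHeader) return false;      // no room for the count
    const std::uint32_t declared = read_be32(msg.data());
    const std::size_t remaining = msg.size() - kHeader;

    // Each element needs kElemSize bytes, so a count that cannot fit in the
    // bytes received is rejected. Dividing instead of multiplying
    // declared * kElemSize avoids integer overflow in the check itself.
    if (declared > remaining / kElemSize) return false;

    out.reserve(declared);                       // bounded by msg.size()
    for (std::uint32_t i = 0; i < declared; ++i)
        out.push_back(read_be32(msg.data() + kHeader + i * kElemSize));
    return true;
}

// Constructed sample inputs.
// 8-byte message declaring 0x7fffffff elements: rejected before allocation.
const std::vector<std::uint8_t> kOversized = {0x7f, 0xff, 0xff, 0xff, 0, 0, 0, 1};
// Well-formed message: count 2, elements 1 and 2.
const std::vector<std::uint8_t> kValid = {0, 0, 0, 2, 0, 0, 0, 1, 0, 0, 0, 2};

int main() {
    std::vector<std::uint32_t> out;
    std::printf("oversized accepted: %d\n", read_i32_list(kOversized, out));
    std::printf("valid accepted: %d, elements: %zu\n",
                read_i32_list(kValid, out), out.size());
    return 0;
}
```

Without the size comparison, the `reserve` call would request memory for the declared count regardless of how few bytes the client actually sent.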
Affected Version(s)
Facebook Thrift < unspecified
Facebook Thrift v2020.02.03.00
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved