Denial of Service Issue in Facebook Thrift Servers
CVE-2019-3558

7.5HIGH

Key Information:

Vendor: Facebook
Status: Facebook Thrift
Vendor: CVE Published:; 6 May 2019

🔔 Create Facebook Vulnerability Alert

What is CVE-2019-3558?

Facebook Thrift servers exhibit a vulnerability where they fail to handle messages with unknown field types properly. This flaw allows malicious clients to send short messages that result in prolonged parsing times for the server, which can cause a denial of service. This issue impacts versions of Facebook Thrift released before February 18, 2019.

Affected Version(s)

Facebook Thrift v2019.02.18.00

Facebook Thrift < unspecified

References

https://github.com/facebook/fbthrift/commit/c5d6e07588cd0...

x_refsource_MISC

https://www.facebook.com/security/advisories/cve-2019-3558

x_refsource_MISC

http://www.securityfocus.com/bid/108274

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2019
Vulnerability Reserved
Jan 2, 2019

.