Denial of Service Vulnerability in Facebook Thrift Java Servers
CVE-2019-3559

7.5HIGH

Key Information:

Vendor

Facebook

Status
Facebook Thrift
Vendor
CVE Published:
6 May 2019

What is CVE-2019-3559?

The Facebook Thrift Java servers are susceptible to a denial of service vulnerability due to improper handling of messages containing fields of unknown type. Malicious clients can exploit this flaw by sending short messages that the server struggles to parse, leading to increased processing time and potential service interruptions. This issue impacts versions of Facebook Thrift prior to v2019.02.18.00.

Affected Version(s)

Facebook Thrift v2019.02.18.00

Facebook Thrift < unspecified

References

https://github.com/facebook/fbthrift/commit/a56346ceacad2...
x_refsource_MISC
https://www.facebook.com/security/advisories/cve-2019-3559
x_refsource_MISC
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-3559 : Denial of Service Vulnerability in Facebook Thrift Java Servers