Denial of Service Vulnerability in Facebook Thrift Servers
CVE-2019-3564

7.5HIGH

Key Information:

Vendor

Facebook

Status
Facebook Thrift
Vendor
CVE Published:
6 May 2019

What is CVE-2019-3564?

The vulnerability in Facebook Thrift servers arises from improper handling of messages containing containers of fields with unknown types. This flaw allows malicious clients to send short messages that the server struggles to parse efficiently. Consequently, this can lead to prolonged server response times and may result in a denial of service. The issue affects all versions of Facebook Thrift prior to v2019.03.04.00, emphasizing the need for updating to safeguard against such attacks.

Affected Version(s)

Facebook Thrift v2019.03.04.00

Facebook Thrift < unspecified

References

https://github.com/facebook/fbthrift/commit/c461c1bd1a3e1...
x_refsource_MISC
https://www.facebook.com/security/advisories/cve-2019-3564
x_refsource_MISC
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-3564 : Denial of Service Vulnerability in Facebook Thrift Servers