data/reports/GO-2021-0088.yaml - vulndb - Git at Google

 modules:
   - module: github.com/facebook/fbthrift
     versions:
       - fixed: 0.31.1-0.20190225164308-c461c1bd1a3e
     packages:
       - package: github.com/facebook/fbthrift/thrift/lib/go/thrift
         symbols:
           - Skip
         skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
 description: |
     Skip ignores unknown fields, rather than failing. A malicious user can craft small
     messages with unknown fields which can take significant resources to parse. If a
     server accepts messages from an untrusted user, it may be used as a denial of service
     vector.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2019-3564
 ghsas:
   - GHSA-x4rg-4545-4w7w
 references:
   - fix: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
   - web: https://www.facebook.com/security/advisories/cve-2019-3564
	modules:
	- module: github.com/facebook/fbthrift
	versions:
	- fixed: 0.31.1-0.20190225164308-c461c1bd1a3e
	packages:
	- package: github.com/facebook/fbthrift/thrift/lib/go/thrift
	symbols:
	- Skip
	skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
	description: \|
	Skip ignores unknown fields, rather than failing. A malicious user can craft small
	messages with unknown fields which can take significant resources to parse. If a
	server accepts messages from an untrusted user, it may be used as a denial of service
	vector.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-3564
	ghsas:
	- GHSA-x4rg-4545-4w7w
	references:
	- fix: https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
	- web: https://www.facebook.com/security/advisories/cve-2019-3564