| modules: |
| - module: github.com/facebook/fbthrift |
| versions: |
| - fixed: 0.31.1-0.20200311080807-483ed864d69f |
| packages: |
| - package: github.com/facebook/fbthrift/thrift/lib/go/thrift |
| description: | |
| Thirft Servers preallocate memory for the declared size of messages before |
| checking the actual size of the message. This allows a malicious user to |
| send messages that declare that they are significantly larger than they |
| actually are, allowing them to force the server to allocate significant |
| amounts of memory. This can be used as a denial of service vector. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2019-11939 |
| references: |
| - fix: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757 |
| - web: https://www.facebook.com/security/advisories/cve-2019-11939 |