blob: 97b4a2e6d402a6561a8653605415621f158d1490 [file] [log] [blame]
packages:
- module: github.com/facebook/fbthrift
package: github.com/facebook/fbthrift/thrift/lib/go/thrift
versions:
- fixed: 0.31.1-0.20200311080807-483ed864d69f
description: |
Thirft Servers preallocate memory for the declared size of messages before
checking the actual size of the message. This allows a malicious user to
send messages that declare that they are significantly larger than they
actually are, allowing them to force the server to allocate significant
amounts of memory. This can be used as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2019-11939
links:
commit: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
context:
- https://www.facebook.com/security/advisories/cve-2019-11939