Facebook

Thrift

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-45773

  • EPSS 0.42%
  • Veröffentlicht 27.09.2024 14:15:04
  • Zuletzt bearbeitet 30.09.2024 12:45:57

A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.

5.3

CVE-2024-45863

  • EPSS 0.22%
  • Veröffentlicht 27.09.2024 14:15:04
  • Zuletzt bearbeitet 30.09.2024 12:45:57

A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.0...

9.8

CVE-2021-24028

  • EPSS 1.67%
  • Veröffentlicht 14.04.2021 00:15:13
  • Zuletzt bearbeitet 21.11.2024 05:52:14

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

7.5

CVE-2019-11939

  • EPSS 0.62%
  • Veröffentlicht 18.03.2020 01:15:11
  • Zuletzt bearbeitet 21.11.2024 04:22:01

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leadin...

7.5

CVE-2019-11938

  • EPSS 0.64%
  • Veröffentlicht 10.03.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:22:01

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading ...

7.5

CVE-2019-3553

  • EPSS 0.64%
  • Veröffentlicht 10.03.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:42:09

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading t...

7.5

CVE-2019-3559

  • EPSS 0.56%
  • Veröffentlicht 06.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:09

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to deni...

7.5

CVE-2019-3564

  • EPSS 0.56%
  • Veröffentlicht 06.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:10

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial...

7.5

CVE-2019-3565

  • EPSS 2.13%
  • Veröffentlicht 06.05.2019 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:10

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to ...

7.5

CVE-2019-3552

  • EPSS 0.4%
  • Veröffentlicht 06.05.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:09

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially lea...