Facebook

Thrift

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-45773

  • EPSS 0.42%
  • Published 27.09.2024 14:15:04
  • Last modified 30.09.2024 12:45:57

A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.

5.3

CVE-2024-45863

  • EPSS 0.22%
  • Published 27.09.2024 14:15:04
  • Last modified 30.09.2024 12:45:57

A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.0...

9.8

CVE-2021-24028

  • EPSS 1.67%
  • Published 14.04.2021 00:15:13
  • Last modified 21.11.2024 05:52:14

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

7.5

CVE-2019-11939

  • EPSS 0.62%
  • Published 18.03.2020 01:15:11
  • Last modified 21.11.2024 04:22:01

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leadin...

7.5

CVE-2019-11938

  • EPSS 0.64%
  • Published 10.03.2020 21:15:11
  • Last modified 21.11.2024 04:22:01

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading ...

7.5

CVE-2019-3553

  • EPSS 0.64%
  • Published 10.03.2020 21:15:11
  • Last modified 21.11.2024 04:42:09

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading t...

7.5

CVE-2019-3559

  • EPSS 0.56%
  • Published 06.05.2019 16:29:01
  • Last modified 21.11.2024 04:42:09

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to deni...

7.5

CVE-2019-3564

  • EPSS 0.56%
  • Published 06.05.2019 16:29:01
  • Last modified 21.11.2024 04:42:10

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial...

7.5

CVE-2019-3565

  • EPSS 2.13%
  • Published 06.05.2019 16:29:01
  • Last modified 21.11.2024 04:42:10

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to ...

7.5

CVE-2019-3552

  • EPSS 0.4%
  • Published 06.05.2019 16:29:00
  • Last modified 21.11.2024 04:42:09

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially lea...