PT-2019-16613 · Facebook · Facebook Thrift

Publicado

2019-05-06

Atualizado

2022-02-15

CVE-2019-3564

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Facebook Thrift versions prior to v2019.03.04.00

Description The issue allows malicious clients to send short messages with unknown fields that can take a long time for the server to parse, potentially leading to denial of service. This is because the server does not error upon receiving messages with containers of fields of unknown type and instead attempts to parse them, which can consume significant resources.

Recommendations For Facebook Thrift versions prior to v2019.03.04.00, update to version v2019.03.04.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the server to trusted users only to minimize the risk of exploitation.

Correção

RCE

Improper Handling of Exceptional Conditions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-834CWE-20CWE-755

Identificadores relacionados

CVE-2019-3564

GHSA-X4RG-4545-4W7W

GO-2021-0088

Produtos afetados

Facebook Thrift

PT-2019-16613 · Facebook · Facebook Thrift

CVE-2019-3564

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14