PT-2019-4350 · Apache+2 · Apache Thrift+2

Publicado

2019-10-28

Atualizado

2026-05-18

CVE-2019-0205

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache Thrift versions up to and including 0.12.0

Description The issue is related to a server or client potentially running into an endless loop when fed with specific input data, which could allow a remote attacker to cause a denial of service. The problem had been partially fixed in version 0.11.0, but it still affects certain language bindings depending on the installed version.

Recommendations For Apache Thrift versions up to and including 0.12.0, consider updating to a version where this issue is fully resolved, as the current version may cause a server or client to run into an endless loop when fed with specific input data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

ALT-PU-2020-2981

AZL-41158

BDU:2020-00070

CLEANSTART-2026-KU61465

CLEANSTART-2026-LE11246

CLEANSTART-2026-RN56220

CVE-2019-0205

GHSA-RJ7P-RFGP-852X

OESA-2021-1017

RHSA-2020:0804

RHSA-2020:0805

RHSA-2020:0806

RHSA-2020:0962

RHSA-2020:2511

RHSA-2020:2512

RHSA-2020:2513

Produtos afetados

Alt Linux

Apache Thrift

Astra Linux

PT-2019-4350 · Apache+2 · Apache Thrift+2

CVE-2019-0205

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 275