PT-2019-4350 · Apache+2 · Apache Thrift+2

Published

2019-10-28

Updated

2026-05-18

CVE-2019-0205

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache Thrift versions up to and including 0.12.0

Description The issue is related to a server or client potentially running into an endless loop when fed with specific input data, which could allow a remote attacker to cause a denial of service. The problem had been partially fixed in version 0.11.0, but it still affects certain language bindings depending on the installed version.

Recommendations For Apache Thrift versions up to and including 0.12.0, consider updating to a version where this issue is fully resolved, as the current version may cause a server or client to run into an endless loop when fed with specific input data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2020-2981

AZL-41158

BDU:2020-00070

CLEANSTART-2026-KU61465

CLEANSTART-2026-LE11246

CLEANSTART-2026-RN56220

CVE-2019-0205

GHSA-RJ7P-RFGP-852X

OESA-2021-1017

RHSA-2020:0804

RHSA-2020:0805

RHSA-2020:0806

RHSA-2020:0962

RHSA-2020:2511

RHSA-2020:2512

RHSA-2020:2513

Affected Products

Alt Linux

Apache Thrift

Astra Linux

PT-2019-4350 · Apache+2 · Apache Thrift+2

CVE-2019-0205

Weakness Enumeration

Related Identifiers

Affected Products

References · 275