CVE-2019-3553

Name of the Vulnerable Software and Affected Versions Facebook Thrift versions prior to 2020.02.03.00

Description The issue allows malicious clients to send short messages that could result in large memory allocations, potentially leading to denial of service. This occurs because C++ Facebook Thrift servers do not error when receiving messages declaring containers of sizes larger than the payload.

Recommendations For versions prior to 2020.02.03.00, update to version 2020.02.03.00 or later to resolve the issue. As a temporary workaround, consider implementing size checks on incoming messages to prevent large memory allocations. Restrict access to the Thrift server to minimize the risk of exploitation.