PT-2020-9226 · Facebook · Facebook Thrift
Published
2020-03-10
·
Updated
2020-03-11
·
CVE-2019-11938
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Facebook Thrift versions prior to 2019.12.09.00
Description
The issue allows malicious clients to send short messages that could result in large memory allocations, potentially leading to denial of service. This occurs because Java Facebook Thrift servers do not error when receiving messages with declared container sizes larger than the payload.
Recommendations
For versions prior to 2019.12.09.00, update to version 2019.12.09.00 or later to resolve the issue.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Facebook Thrift