PT-2026-35699 · Apache · Apache Thrift

김범수

Published

2026-04-28

Updated

2026-06-10

CVE-2026-41602

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Thrift versions prior to 0.23.0

Description An integer overflow or wraparound issue exists in the Go language implementation of the TFramedTransport component in Apache Thrift. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of digits.

Recommendations Upgrade to version 0.23.0.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BIT-THRIFT-2026-41602

CLEANSTART-2026-GA28186

CLEANSTART-2026-MJ26242

CLEANSTART-2026-VT65447

CVE-2026-41602

GHSA-WF45-Q9CH-Q8GH

OPENSUSE-SU-2026:10685-1

OPENSUSE-SU-2026:10692-1

OPENSUSE-SU-2026:10699-1

OPENSUSE-SU-2026:10744-1

OPENSUSE-SU-2026:20940-1

Affected Products

Apache Thrift

PT-2026-35699 · Apache · Apache Thrift

CVE-2026-41602

Weakness Enumeration

Related Identifiers

Affected Products

References · 123