Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for thrift by facebook

    CVE-2021-24028 (GCVE-0-2021-24028)

    Vulnerability from nvd – Published: 2021-04-13 23:20 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-763 - Release of Invalid Pointer or Reference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: unspecified , < v2021.02.22.00 (custom)
    Unaffected: v2021.02.22.00 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2021-24028"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2021.02.22.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2021.02.22.00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An invalid free in Thrift\u0027s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-763",
                  "description": "CWE-763: Release of Invalid Pointer or Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-13T23:20:12.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2021-24028"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-13",
              "ID": "CVE-2021-24028",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2021.02.22.00"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2021.02.22.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An invalid free in Thrift\u0027s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-763: Release of Invalid Pointer or Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2021-24028",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2021-24028"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24028",
        "datePublished": "2021-04-13T23:20:13.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11939 (GCVE-0-2019-11939)

    Vulnerability from nvd – Published: 2020-03-18 00:40 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Unaffected: v2020.03.16.00 , < unspecified (custom)
    Affected: unspecified , < v2020.03.16.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:29.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-11939"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2020.03.16.00",
                  "versionType": "custom"
                },
                {
                  "lessThan": "v2020.03.16.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T00:40:12.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-11939"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-14",
              "ID": "CVE-2019-11939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2020.03.16.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2020.03.16.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-11939",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-11939"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-11939",
        "datePublished": "2020-03-18T00:40:12.000Z",
        "dateReserved": "2019-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:29.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3553 (GCVE-0-2019-3553)

    Vulnerability from nvd – Published: 2020-03-10 20:30 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Unaffected: v2020.02.03.00 , < unspecified (custom)
    Affected: unspecified , < v2020.02.03.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.503Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3553"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2020.02.03.00",
                  "versionType": "custom"
                },
                {
                  "lessThan": "v2020.02.03.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-10T20:30:21.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3553"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-14",
              "ID": "CVE-2019-3553",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2020.02.03.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2020.02.03.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351"
                },
                {
                  "name": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3553",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3553"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3553",
        "datePublished": "2020-03-10T20:30:21.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11938 (GCVE-0-2019-11938)

    Vulnerability from nvd – Published: 2020-03-10 20:30 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Unaffected: v2019.12.09.00 , < unspecified (custom)
    Affected: unspecified , < v2019.12.09.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:29.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-11938"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2019.12.09.00",
                  "versionType": "custom"
                },
                {
                  "lessThan": "v2019.12.09.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-10T20:30:20.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-11938"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-14",
              "ID": "CVE-2019-11938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2019.12.09.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.12.09.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030"
                },
                {
                  "name": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-11938",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-11938"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-11938",
        "datePublished": "2020-03-10T20:30:20.000Z",
        "dateReserved": "2019-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:29.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3565 (GCVE-0-2019-3565)

    Vulnerability from nvd – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.05.06.00
    Affected: unspecified , < v2019.05.06.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3565"
              },
              {
                "name": "108280",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108280"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.05.06.00"
                },
                {
                  "lessThan": "v2019.05.06.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:31.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3565"
            },
            {
              "name": "108280",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108280"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-05-02",
              "ID": "CVE-2019-3565",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.05.06.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.05.06.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3565",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3565"
                },
                {
                  "name": "108280",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108280"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3565",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3564 (GCVE-0-2019-3564)

    Vulnerability from nvd – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.03.04.00
    Affected: unspecified , < v2019.03.04.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3564"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.03.04.00"
                },
                {
                  "lessThan": "v2019.03.04.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:24.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3564"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-25",
              "ID": "CVE-2019-3564",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.03.04.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.03.04.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3564",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3564"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3564",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3559 (GCVE-0-2019-3559)

    Vulnerability from nvd – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.02.18.00
    Affected: unspecified , < v2019.02.18.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3559"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.02.18.00"
                },
                {
                  "lessThan": "v2019.02.18.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:28.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3559"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-15",
              "ID": "CVE-2019-3559",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.02.18.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.02.18.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3559",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3559"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3559",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3558 (GCVE-0-2019-3558)

    Vulnerability from nvd – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.02.18.00
    Affected: unspecified , < v2019.02.18.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3558"
              },
              {
                "name": "108274",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108274"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.02.18.00"
                },
                {
                  "lessThan": "v2019.02.18.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:08.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3558"
            },
            {
              "name": "108274",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108274"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-15",
              "ID": "CVE-2019-3558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.02.18.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.02.18.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3558",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3558"
                },
                {
                  "name": "108274",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108274"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3558",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3552 (GCVE-0-2019-3552)

    Vulnerability from nvd – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.02.18.00
    Affected: unspecified , < v2019.02.18.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
              },
              {
                "name": "108279",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108279"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.02.18.00"
                },
                {
                  "lessThan": "v2019.02.18.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:21.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
            },
            {
              "name": "108279",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108279"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-15",
              "ID": "CVE-2019-3552",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.02.18.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.02.18.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
                },
                {
                  "name": "108279",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108279"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3552",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24028 (GCVE-0-2021-24028)

    Vulnerability from cvelistv5 – Published: 2021-04-13 23:20 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-763 - Release of Invalid Pointer or Reference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: unspecified , < v2021.02.22.00 (custom)
    Unaffected: v2021.02.22.00 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2021-24028"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2021.02.22.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2021.02.22.00",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An invalid free in Thrift\u0027s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-763",
                  "description": "CWE-763: Release of Invalid Pointer or Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-13T23:20:12.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2021-24028"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-13",
              "ID": "CVE-2021-24028",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2021.02.22.00"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2021.02.22.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An invalid free in Thrift\u0027s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-763: Release of Invalid Pointer or Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2021-24028",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2021-24028"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24028",
        "datePublished": "2021-04-13T23:20:13.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11939 (GCVE-0-2019-11939)

    Vulnerability from cvelistv5 – Published: 2020-03-18 00:40 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Unaffected: v2020.03.16.00 , < unspecified (custom)
    Affected: unspecified , < v2020.03.16.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:29.633Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-11939"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2020.03.16.00",
                  "versionType": "custom"
                },
                {
                  "lessThan": "v2020.03.16.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-18T00:40:12.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-11939"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-14",
              "ID": "CVE-2019-11939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2020.03.16.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2020.03.16.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-11939",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-11939"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-11939",
        "datePublished": "2020-03-18T00:40:12.000Z",
        "dateReserved": "2019-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:29.633Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3553 (GCVE-0-2019-3553)

    Vulnerability from cvelistv5 – Published: 2020-03-10 20:30 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Unaffected: v2020.02.03.00 , < unspecified (custom)
    Affected: unspecified , < v2020.02.03.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.503Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3553"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2020.02.03.00",
                  "versionType": "custom"
                },
                {
                  "lessThan": "v2020.02.03.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-10T20:30:21.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3553"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-14",
              "ID": "CVE-2019-3553",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2020.02.03.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2020.02.03.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351"
                },
                {
                  "name": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3553",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3553"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3553",
        "datePublished": "2020-03-10T20:30:21.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11938 (GCVE-0-2019-11938)

    Vulnerability from cvelistv5 – Published: 2020-03-10 20:30 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Unaffected: v2019.12.09.00 , < unspecified (custom)
    Affected: unspecified , < v2019.12.09.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:29.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-11938"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2019.12.09.00",
                  "versionType": "custom"
                },
                {
                  "lessThan": "v2019.12.09.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-10T20:30:20.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-11938"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-14",
              "ID": "CVE-2019-11938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2019.12.09.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.12.09.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Allocation of Resources Without Limits or Throttling (CWE-770)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030"
                },
                {
                  "name": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-11938",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-11938"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-11938",
        "datePublished": "2020-03-10T20:30:20.000Z",
        "dateReserved": "2019-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:29.610Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3559 (GCVE-0-2019-3559)

    Vulnerability from cvelistv5 – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.02.18.00
    Affected: unspecified , < v2019.02.18.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3559"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.02.18.00"
                },
                {
                  "lessThan": "v2019.02.18.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:28.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3559"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-15",
              "ID": "CVE-2019-3559",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.02.18.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.02.18.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3559",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3559"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3559",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3565 (GCVE-0-2019-3565)

    Vulnerability from cvelistv5 – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.05.06.00
    Affected: unspecified , < v2019.05.06.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3565"
              },
              {
                "name": "108280",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108280"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.05.06.00"
                },
                {
                  "lessThan": "v2019.05.06.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:31.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3565"
            },
            {
              "name": "108280",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108280"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-05-02",
              "ID": "CVE-2019-3565",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.05.06.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.05.06.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3565",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3565"
                },
                {
                  "name": "108280",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108280"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3565",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3552 (GCVE-0-2019-3552)

    Vulnerability from cvelistv5 – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.02.18.00
    Affected: unspecified , < v2019.02.18.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
              },
              {
                "name": "108279",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108279"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.02.18.00"
                },
                {
                  "lessThan": "v2019.02.18.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:21.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
            },
            {
              "name": "108279",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108279"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-15",
              "ID": "CVE-2019-3552",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.02.18.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.02.18.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
                },
                {
                  "name": "108279",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108279"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3552",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3564 (GCVE-0-2019-3564)

    Vulnerability from cvelistv5 – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.03.04.00
    Affected: unspecified , < v2019.03.04.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3564"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.03.04.00"
                },
                {
                  "lessThan": "v2019.03.04.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:24.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3564"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-25",
              "ID": "CVE-2019-3564",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.03.04.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.03.04.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3564",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3564"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3564",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3558 (GCVE-0-2019-3558)

    Vulnerability from cvelistv5 – Published: 2019-05-06 15:15 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
    Severity
    No CVSS data available.
    CWE
    • CWE-834 - Excessive Iteration (CWE-834)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook Facebook Thrift Affected: v2019.02.18.00
    Affected: unspecified , < v2019.02.18.00 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.557Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3558"
              },
              {
                "name": "108274",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108274"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Facebook Thrift",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2019.02.18.00"
                },
                {
                  "lessThan": "v2019.02.18.00",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-834",
                  "description": "Excessive Iteration (CWE-834)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-16T05:06:08.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3558"
            },
            {
              "name": "108274",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108274"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-02-15",
              "ID": "CVE-2019-3558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Facebook Thrift",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "v2019.02.18.00"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2019.02.18.00"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Excessive Iteration (CWE-834)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
                  "refsource": "MISC",
                  "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"
                },
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3558",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3558"
                },
                {
                  "name": "108274",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108274"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3558",
        "datePublished": "2019-05-06T15:15:02.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.557Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }