CVE-2015-3254

CWE-20 — Improper Input Validation CWE-8357 documents5 sources

Severity

6.5MEDIUM

EPSS

1.8%

top 17.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Thrift

Timeline

PublishedJun 16

Latest updateMay 14

Description

The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDapache/thrift0.9.2

Patches

Patch: issues.apache.org ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-4rvx-g54x-9p63: The client libraries in Apache Thrift before 0↗2022-05-14

▶

CVEList

CVE-2015-3254: The client libraries in Apache Thrift before 0↗2017-06-16

▶

📋Vendor Advisories

Red Hat

thrift: Infinite recursion via vectors involving the skip function↗2015-07-09

▶

💬Community

Bugzilla

CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function [fedora-all]↗2017-06-19

▶

Bugzilla

CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function↗2017-06-19

▶

Bugzilla

CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function [epel-7]↗2017-06-19

▶