CVE-2019-0205

Severity
7.5 HIGH
EPSS
0.7%
top 28.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 29
Latest update: May 24

Description

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

NVD: apache/thrift 0.12.0
CVEListV5: apache/apache_thrift, all versions up to and including 0.12.0
Debian: thrift < 0.13.0-2 (+3)

Patches

🔴 Vulnerability Details (4)

GHSA
Loop with Unreachable Exit Condition in Apache Thrift (2022-05-24)
OSV
Loop with Unreachable Exit Condition in Apache Thrift (2022-05-24)
OSV
CVE-2019-0205: In Apache Thrift all versions up to and including 0 (2019-10-29)
CVEList
CVE-2019-0205: In Apache Thrift all versions up to and including 0 (2019-10-28)

📋 Vendor Advisories (3)

Red Hat
thrift: Endless loop when feed with specific input data (2019-10-17)
Microsoft
In Apache Thrift all versions up to and including 0.12.0 a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in versi (2019-10-08)
Debian
CVE-2019-0205: thrift - In Apache Thrift all versions up to and including 0.12.0, a server or client may... (2019)

💬 Community (3)

Bugzilla
CVE-2019-0205 thrift: Endless loop when feed with specific input data (2019-10-23)
Bugzilla
CVE-2019-0205 thrift: Endless loop when feed with specific input data [epel-7] (2019-10-23)
Bugzilla
CVE-2019-0205 thrift: Endless loop when feed with specific input data [fedora-all] (2019-10-23)