CVE-2020-13949
Published 2021-02-12
High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hive | < 4.0.0 | 4.0.0 |
| apache | thrift | 0.9.3 – 0.13.0 | — |
| apache_software_foundation | apache_thrift | < 0.23.0 | 0.23.0 |
| debian | thrift | < thrift 0.16.0-3 (bookworm) | thrift 0.16.0-3 (bookworm) |
| — | thrift | >= 0 < 0.16.0-3 | 0.16.0-3 |
| — | thrift | >= 0 < 0.16.0-3 | 0.16.0-3 |
| — | thrift | >= 0 < 0.16.0-3 | 0.16.0-3 |
| oracle | communications_cloud_native_core_network_slice_selection_function | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
CVSS provenance
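| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |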