View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2019-3553: 1 source package rows (thrift); 12 state rows across 7 repos (3.17-community, 3.18-community, 3.19-community, 3.20-community, 3.22-community, 3.23-community, edge-community); fixed 0, open 12.
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.