This page lists publicly disclosed CVE vulnerabilities affecting facebook thrift (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-24028 | An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | [email protected] | 9.8 | 1.67% | 2021-04-14 | 2024-11-21 |
| CVE-2019-11939 | Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | [email protected] | 7.5 | 0.54% | 2020-03-18 | 2024-11-21 |
| CVE-2019-3553 | C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. | [email protected] | 7.5 | 0.56% | 2020-03-10 | 2024-11-21 |
| CVE-2019-11938 | Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. | [email protected] | 7.5 | 0.56% | 2020-03-10 | 2024-11-21 |
| CVE-2019-3565 | Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00. | [email protected] | 7.5 | 1.70% | 2019-05-06 | 2024-11-21 |
| CVE-2019-3564 | Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. | [email protected] | 7.5 | 0.55% | 2019-05-06 | 2024-11-21 |
| CVE-2019-3559 | Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | [email protected] | 7.5 | 0.55% | 2019-05-06 | 2024-11-21 |
| CVE-2019-3558 | Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | [email protected] | 7.5 | 0.73% | 2019-05-06 | 2024-11-21 |
| CVE-2019-3552 | C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. | [email protected] | 7.5 | 0.40% | 2019-05-06 | 2024-11-21 |