CVE-2020-13949

Uncontrolled Resource Consumption in go/github.com/apache/thrift/lib/go/thrift

Identifiers

CVE-2020-13949

Package Slug

go/github.com/apache/thrift/lib/go/thrift

Vulnerability

Uncontrolled Resource Consumption

Description

In Apache Thrift to, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Affected Versions

All versions starting from 0.9.3 up to 0.13.0

Solution

Upgrade to version 0.14.0 or above.

Last Modified

2021-02-23

source