CVE-2020-13949

Uncontrolled Resource Consumption in maven/org.apache.thrift/libthrift

Identifiers

CVE-2020-13949

Package Slug

maven/org.apache.thrift/libthrift

Vulnerability

Uncontrolled Resource Consumption

Description

In Apache Thrift, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Affected Versions

All versions starting from 0.9.3 up to 0.13.0

Solution

Upgrade to version 0.14.0 or above.

Last Modified

2021-03-11

source