CVE-2019-3564: Improper Input Validation

May 6, 2019 (updated October 9, 2019)

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service.

References

nvd.nist.gov/vuln/detail/CVE-2019-3564
www.facebook.com/security/advisories/cve-2019-3564

Detect and mitigate CVE-2019-3564 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →