CVE-2019-11939: Allocation of Resources Without Limits or Throttling

March 18, 2020 (updated March 20, 2020)

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

References

nvd.nist.gov/vuln/detail/CVE-2019-11939
www.facebook.com/security/advisories/cve-2019-11939

Code Behaviors & Features

Detect and mitigate CVE-2019-11939 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →