Arch Linux Security Advisory ASA-202102-43
==========================================

Severity: Medium
Date    : 2021-02-27
CVE-ID  : CVE-2020-13949
Package : thrift
Type    : denial of service
Remote  : Yes
Link    :

Summary
=======

The package thrift before version 0.14.0-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 0.14.0-1.

# pacman -Syu "thrift>=0.14.0-1"

The problem has been fixed upstream in version 0.14.0.

Workaround
==========

None.

Description
===========

Applications using Thrift before version 0.14.0 would not error upon
receiving messages declaring containers of sizes larger than the payload.
As a result, malicious RPC clients could send short messages which would
result in a large memory allocation, potentially leading to denial of
service.

Impact
======

Malicious clients could send crafted messages crashing the server.

References
==========
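To make the Description concrete, the following added example (not Thrift's own code and not the upstream fix) sketches a binary-protocol list reader that trusts the declared element count, beside one that bounds the count by the bytes actually present before allocating; the byte strings, the per-type minimum sizes and the function names are constructed for this illustration.

```python
import struct

# Thrift binary-protocol type ids used below (from the Thrift spec).
T_BOOL, T_BYTE, T_DOUBLE, T_I16, T_I32, T_I64 = 2, 3, 4, 6, 8, 10
T_STRING, T_STRUCT, T_MAP, T_SET, T_LIST = 11, 12, 13, 14, 15

# Conservative lower bound on the encoded size of one element per type:
# fixed-width scalars use their width, variable-length types count only
# their header (length prefix, stop byte, or container header).
MIN_ELEM_SIZE = {T_BOOL: 1, T_BYTE: 1, T_DOUBLE: 8, T_I16: 2, T_I32: 4,
                 T_I64: 8, T_STRING: 4, T_STRUCT: 1, T_MAP: 6, T_SET: 5, T_LIST: 5}

LIST_HEADER_LEN = 5  # element type (1 byte) + big-endian i32 count

# Constructed samples (not real captures): a list header claiming 2^31-1
# i32 elements followed by only 4 bytes, and a well-formed two-element list.
CRAFTED = bytes([T_I32]) + struct.pack(">i", 0x7FFFFFFF) + b"\x00\x00\x00\x01"
BENIGN = bytes([T_I32]) + struct.pack(">i", 2) + struct.pack(">ii", 7, 9)


def container_fits(elem_type, size, remaining):
    """True if `size` elements of `elem_type` could fit in `remaining` bytes.

    Python ints do not overflow, but a C implementation must guard the
    multiplication (or divide instead) so a huge `size` cannot wrap to a
    small product and slip past the check.
    """
    if size < 0:
        return False
    return size * MIN_ELEM_SIZE.get(elem_type, 1) <= remaining


def read_list_unchecked(buf):
    """Pre-0.14.0-style sketch: trust the declared count outright. A reader
    that reserves `size` slots here allocates gigabytes for a 9-byte message."""
    elem_type, size = struct.unpack_from(">bi", buf, 0)
    return elem_type, size


def read_i32_list_checked(buf):
    """Hardened reader: bound the declared count by the bytes present."""
    elem_type, size = struct.unpack_from(">bi", buf, 0)
    remaining = len(buf) - LIST_HEADER_LEN
    if not container_fits(elem_type, size, remaining):
        raise ValueError(f"declared {size} elements but only {remaining} bytes remain")
    if elem_type != T_I32:
        raise ValueError("this sketch only decodes i32 lists")
    items = list(struct.unpack_from(">" + "i" * size, buf, LIST_HEADER_LEN))
    return elem_type, size, items
```

Where the transport is not fully buffered, the same bound can be applied against the number of bytes the transport can still deliver rather than against a complete in-memory message.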