CVE-2020-13949

Severity: Medium
Remote: Yes
Type: Denial of service
Applications using Thrift before version 0.14.0 would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Group     Package  Affected  Fixed     Severity  Status  Ticket
AVG-1568  thrift   0.13.0-1  0.14.0-1  Medium    Fixed
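
The missing check the description refers to, as an added example (not Thrift's own code and not part of the original advisory): a list header is validated against the bytes actually received before anything is allocated. It assumes the Thrift binary protocol list header layout (1-byte element type id, big-endian i32 count) and handles only fixed-width integer elements; all function and constant names are hypothetical.

```python
import struct

# Element type id -> struct format (assumed subset of Thrift binary protocol
# type ids: 3 = byte, 6 = i16, 8 = i32, 10 = i64).
ELEM_FORMATS = {3: ">b", 6: ">h", 8: ">i", 10: ">q"}
HEADER = struct.Struct(">bi")  # element type id, declared element count


class ContainerSizeError(ValueError):
    """Declared element count cannot fit in the bytes actually received."""


def read_list_header(buf, offset=0):
    """Parse a list header and reject counts the remaining payload cannot hold."""
    if len(buf) - offset < HEADER.size:
        raise ContainerSizeError("truncated list header")
    elem_type, count = HEADER.unpack_from(buf, offset)
    offset += HEADER.size
    if count < 0:
        raise ContainerSizeError("negative element count")
    fmt = ELEM_FORMATS.get(elem_type)
    if fmt is None:
        raise ContainerSizeError(f"unsupported element type {elem_type}")
    remaining = len(buf) - offset
    # The bound: every element needs at least its minimum wire size, so the
    # declared count is capped by the payload length, not by the header field.
    if count * struct.calcsize(fmt) > remaining:
        raise ContainerSizeError(
            f"list declares {count} elements, payload has {remaining} bytes")
    return elem_type, count, offset


def read_fixed_list(buf):
    """Decode a list of fixed-width integers; allocation is bounded by len(buf)."""
    elem_type, count, offset = read_list_header(buf)
    fmt = ELEM_FORMATS[elem_type]
    width = struct.calcsize(fmt)
    return [struct.unpack_from(fmt, buf, offset + i * width)[0]
            for i in range(count)]


# Constructed inputs: a well-formed list of three i32 values, and a 5-byte
# message whose header declares 0x7fffffff i32 elements with no payload.
VALID = struct.pack(">bi3i", 8, 3, 10, 20, 30)
OVERSIZED = struct.pack(">bi", 8, 0x7FFFFFFF)
```

A decoder without the size comparison would trust the count in `OVERSIZED` and size its container from a 5-byte message.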