CVE-2020-13949

Severity: Medium
Remote: Yes
Type: Denial of service
Description
Applications using Thrift before version 0.14.0 would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
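The missing check described above, sketched as an added example (this is not Thrift's own code, and the names `read_list_header`, `read_i32_list`, `MIN_ELEM_SIZE` and `ContainerSizeError` are hypothetical). It assumes the Thrift binary protocol's list header (one type byte followed by a big-endian i32 count) and that the whole message is already buffered, as with a framed transport.

```python
import struct

# Smallest possible encoding, in bytes, of one element of each
# binary-protocol type id. Used as a lower bound on payload size.
MIN_ELEM_SIZE = {
    2: 1,    # BOOL
    3: 1,    # BYTE
    4: 8,    # DOUBLE
    6: 2,    # I16
    8: 4,    # I32
    10: 8,   # I64
    11: 4,   # STRING: i32 length prefix, body may be empty
    12: 1,   # STRUCT: at least the STOP byte
    13: 6,   # MAP: key type, value type, i32 count
    14: 5,   # SET: element type, i32 count
    15: 5,   # LIST: element type, i32 count
}

class ContainerSizeError(ValueError):
    """Declared container size cannot fit in the received payload."""

def read_list_header(buf: bytes, offset: int = 0):
    """Parse a list header; return (elem_type, count, next_offset).

    Rejects the message before any allocation if `count` elements
    could not possibly be present in the remaining bytes.
    """
    if len(buf) - offset < 5:
        raise ContainerSizeError("truncated list header")
    elem_type, count = struct.unpack_from(">bi", buf, offset)
    offset += 5
    if elem_type not in MIN_ELEM_SIZE:
        raise ContainerSizeError(f"unknown element type {elem_type}")
    if count < 0:
        raise ContainerSizeError(f"negative list size {count}")
    remaining = len(buf) - offset
    if count * MIN_ELEM_SIZE[elem_type] > remaining:
        raise ContainerSizeError(
            f"list declares {count} elements, only {remaining} bytes follow")
    return elem_type, count, offset

def read_i32_list(buf: bytes):
    """Decode a list<i32>; storage is sized only after the check passes."""
    elem_type, count, offset = read_list_header(buf)
    if elem_type != 8:
        raise ContainerSizeError("expected list<i32>")
    return list(struct.unpack_from(f">{count}i", buf, offset))

# Constructed sample inputs (not captured traffic).
VALID = b"\x08" + struct.pack(">i", 3) + struct.pack(">3i", 1, 2, 3)
OVERSIZED = b"\x08" + struct.pack(">i", 0x7FFFFFFF)  # 5-byte message, huge count
```

A decoder that trusts the count and pre-sizes its container would try to reserve room for 2,147,483,647 elements on the 5-byte `OVERSIZED` message; with the bound in place the message is rejected with no allocation.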
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1568 | thrift | 0.13.0-1 | 0.14.0-1 | Medium | Fixed | |
References
https://www.openwall.com/lists/oss-security/2021/02/11/2