CVE-2020-13949 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | Applications using Thrift before version 0.14.0 would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1568 | thrift | 0.13.0-1 | 0.14.0-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 27 Feb 2021 | ASA-202102-43 | AVG-1568 | thrift | Medium | denial of service |
| References |
|---|
https://www.openwall.com/lists/oss-security/2021/02/11/2 |