CVE-2020-13949 log

Severity Medium
Remote Yes
Type Denial of service
Applications using Thrift before version 0.14.0 would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-1568 thrift 0.13.0-1 0.14.0-1 Medium Fixed
Date Advisory Group Package Severity Type
27 Feb 2021 ASA-202102-43 AVG-1568 thrift Medium denial of service