CVE-2020-13949 - log

CVE-2020-13949 edited at 11 Feb 2021 23:08:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Applications using Thrift before version 0.14.0 would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
References
+ https://www.openwall.com/lists/oss-security/2021/02/11/2
Notes
CVE-2020-13949 created at 11 Feb 2021 23:03:29