CVE-2015-3254
MEDIUM
Apache Thrift < 0.9.2 - Authenticated Denial of Service via Skip Function
Title source: llm
Description
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
References (6)
Core References
Mailing List, Third Party Advisory x_refsource_confirm
http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://issues.apache.org/jira/browse/THRIFT-3231
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99112
Various Sources mailing-list
x_refsource_mlist
https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2477
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3115
Scores
CVSS v3
6.5
EPSS
0.0180
EPSS Percentile
83.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
apache/thrift
< 0.9.2
Published
Jun 16, 2017
Tracked Since
Feb 18, 2026