CVE-2019-0210

HIGH

Apache Thrift < 0.12.0 - Out-of-Bounds Read

Title source: rule
STIX 2.1

Description

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0806
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0811
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0804
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0805
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202107-32
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com//security-alerts/cpujul2021.html

Scores

CVSS v3 7.5
EPSS 0.0119
EPSS Percentile 79.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-125
Status published
Products (4)
apache/thrift 0.9.3 - 0.12.0
apache/thrift 0.9.3 - 0.13.0Go
oracle/communications_cloud_native_core_network_slice_selection_function 1.2.1
redhat/jboss_enterprise_application_platform 7.2.0
Published Oct 29, 2019
Tracked Since Feb 18, 2026