CVE-2026-43868

MEDIUM

Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Title source: cna

Description

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://lists.apache.org/thread/zj76dtwnbbs1m7z3focf4wd51pqpsmn9

Scores

CVSS v3 5.3

EPSS 0.0025

EPSS Percentile 48.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-789

Status published

Products (3)

apache/thrift < 0.23.0

Apache Software Foundation/Apache Thrift < 0.23.0

crates.io/thrift 0 - 0.22.0crates.io

Published May 05, 2026

Tracked Since May 05, 2026