New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2019-0210 - Out-of-bounds read in Apache Thrift #3

Open

MGathier opened this issue Dec 31, 2024 · 1 comment

Labels

CVSS: High Type: Security

Contributor

MGathier commented Dec 31, 2024 •

edited

Loading

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.

Found in libthrift 0.11.0, resolved in 0.13.0

MGathier added CVSS: High Type: Security labels

Contributor Author

MGathier commented Dec 31, 2024

libthrift is only used by the Jaeger exporter for gRPC metrics. This is disabled by default.

see also #2

MGathier changed the title ~~CVE-2019-0210 - OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities~~ CVE-2019-0210 - Out-of-bounds read in Apache Thrift

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment