Security Advisory

CVE-2019-11938

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-10 20:30:20

Last updated 2024-08-04 23:10:29

Assigner facebook

State PUBLISHED

Description

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.

← Browse all CVEs View on cve.org ↗