Security Advisory

CVE-2019-11939

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-18 00:40:12

Last updated 2024-08-04 23:10:29

Assigner facebook

State PUBLISHED

Description

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.

← Browse all CVEs View on cve.org ↗