CVE-2019-3564

{"id": "CVE-2019-3564", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-05-06T16:29:01.210", "references": [{"url": "https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156", "tags": ["Patch", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", "source": "cve-assign@fb.com"}, {"url": "https://www.facebook.com/security/advisories/cve-2019-3564", "tags": ["Vendor Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-755"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-834"}]}], "descriptions": [{"lang": "en", "value": "Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00."}, {"lang": "es", "value": "Los servidores Thrift de Go Facebook no emitir\u00edan errores al recibir mensajes con contenedores de campos de tipo desconocido. En consecuencia, los clientes maliciosos podr\u00edan enviar mensajes cortos, lo que llevar\u00eda mucho tiempo para que el servidor los analice, esto conllevar\u00eda a una Denegaci\u00f3n de Servicio. Este problema afecta a Facebook Thrift antes de versi\u00f3n 2019.03.04.00."}], "lastModified": "2023-11-07T03:09:54.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2CB7BA-9067-42CC-883E-533547C95A12", "versionEndExcluding": "2019.03.04.00"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}