CVE-2019-0210 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2019-0210

CVE-2019-0210

October 28, 2019

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

Affected Packages

github.com/apache/thrift (GO):

Affected version(s) >=v0.12.0 <v0.13.0

Fix Suggestion:

Update to version v0.13.0

Related Resources (22)

https://access.redhat.com/errata/RHSA-2020:0806

https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142@%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E

https://www.oracle.com//security-alerts/cpujul2021.html

https://security.gentoo.org/glsa/202107-32

https://access.redhat.com/errata/RHSA-2020:0804

https://github.com/apache/thrift/commit/264a3f318ed3e9e51573f67f963c8509786bcec2

https://access.redhat.com/errata/RHSA-2020:0805

https://security-tracker.debian.org/tracker/CVE-2019-0210

http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E

https://github.com/apache/thrift

https://access.redhat.com/errata/RHSA-2020:0811

https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff@%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2019-0210

https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff%40%3Ccommits.pulsar.apache.org%3E

https://github.com/apache/thrift/blob/master/CHANGES.md#0130

https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E

https://www.oracle.com/security-alerts/cpujul2021.html

https://pkg.go.dev/vuln/GO-2021-0101

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

CVSS v2

Base Score:

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

EPSS

Base Score:

0.36

Products

Solutions

Resources

Company

Compare

Developer Tools