Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-3552: Throw on bad types during skipping data · facebook/fbthrift@c5d6e07

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

CVE
#dos

Related news

Twitch Leak Included Emails, Passwords in Clear Text: Researcher

A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees' emails; and more.

Twitch Leak Included Emails, Password: Researcher

A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails, employees' emails, and more.

CVE-2019-3558: Facebook

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

CVE-2019-3564: Facebook

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

CVE-2019-3559: Facebook

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

CVE-2019-3565: Facebook

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907