CVE-2020-13949

Beschreibung:
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

CWE: CWE-400

CVSS-Bewertung
CVSS 2: MEDIUM – 5 (Version: 2.0)
CVSS 3: HIGH – 7.5 (Version: 3.1)

Links:

NVD – CVE-2020-13949
CVE – CVE-2020-13949

Link (max. 20) Quelle Tags
https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E MISC Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory Third Party Advisory
[hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central MLIST Mailing List Vendor Advisory
[thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement MLIST Mailing List Vendor Advisory
[hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Exploit Mailing List Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Exploit Mailing List Vendor Advisory
[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory
[hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 MLIST Mailing List Vendor Advisory

Quelle: NVD – CVE-2020-13949
Datum Veröffentlichung: 2021-02-12T20:15Z, Datum letzte Änderung: 2021-05-10T13:15Z