GHSA-rj7p-rfgp-852x

Source
https://github.com/advisories/GHSA-rj7p-rfgp-852x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rj7p-rfgp-852x/GHSA-rj7p-rfgp-852x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rj7p-rfgp-852x
Aliases
Related
Published
2022-05-24T17:00:01Z
Modified
2024-03-10T05:16:21.459619Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Loop with Unreachable Exit Condition in Apache Thrift
Details

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Database specific
{
    "nvd_published_at": "2019-10-29T19:15:00Z",
    "cwe_ids": [
        "CWE-835"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-27T16:12:09Z"
}
References

Affected packages

Maven / org.apache.thrift:libthrift

Package

Name
org.apache.thrift:libthrift
Purl
pkg:maven/org.apache.thrift/libthrift

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.13.0

Affected versions

0.*

0.6.1
0.7.0
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.3-1
0.10.0
0.11.0
0.12.0

Database specific

{
    "last_known_affected_version_range": "<= 0.12.0"
}