Vulnerability Description
In Apache Thrift, all versions up to and including 0.12.0, a server or client may run into an endless loop when fed specific input data. Because the issue had already been partially fixed in version 0.11.0, it affects only certain language bindings, depending on the installed version.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Thrift | <= 0.12.0 |
| Red Hat | JBoss Enterprise Application Platform | 7.2.0 |
| Red Hat | Enterprise Linux Server | 6.0 |
| Oracle | Communications Cloud Native Core Network Slice Selection Function | 1.2.1 |
Related Weaknesses (CWE)
References
- http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB21 (Mailing List, Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2020:0804 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2020:0805 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2020:0806 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2020:0811 (Third Party Advisory)
- https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323ee
- https://lists.apache.org/thread.html/07bd68ad237a5d513751d6d2731a8828f902c738ea5
- https://lists.apache.org/thread.html/0d058e1bfd11727c4f2e2adf4b6e403a47c38e22431
- https://lists.apache.org/thread.html/1193444c17f499f92cd198d464a2c1ffc92182c8348
- https://lists.apache.org/thread.html/1c18ec6ebfea0a9211992be952e8b33d0fda202c077
- https://lists.apache.org/thread.html/3dfa054b89274c9109c26ed1843ca15a14c03786f40
- https://lists.apache.org/thread.html/928cae83d20d8d8196c26118f7084aa37573e1d3116
- https://lists.apache.org/thread.html/9f7150d0b02e72d1154721a412e80cf797f1b7cfa29
- https://lists.apache.org/thread.html/a9669756befaeb0f8e08766d3f4d410a0fce85da3a5
- https://lists.apache.org/thread.html/r0c606d4be9aa163d132edf8edd8eb55e7b9464063b
FAQ
What is CVE-2019-0205?
CVE-2019-0205 is a vulnerability with a CVSS score of 7.5 (HIGH). In Apache Thrift, all versions up to and including 0.12.0, a server or client may run into an endless loop when fed specific input data. Because the issue had already been partially fixed in vers...
How severe is CVE-2019-0205?
CVE-2019-0205 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-0205?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Thrift, Red Hat JBoss Enterprise Application Platform, Red Hat Enterprise Linux Server, Oracle Communications Cloud Native Core Network Slice Selection Function.