Vulnerabilities > Apache > Thrift > 0.12.0

DATE CVE VULNERABILITY TITLE RISK
2021-02-12 CVE-2020-13949 Resource Exhaustion vulnerability in multiple products
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
network
low complexity
apache oracle CWE-400
7.5
7.5
2019-10-29 CVE-2019-0210 Out-of-bounds Read vulnerability in multiple products
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
network
low complexity
apache redhat oracle CWE-125
7.5
7.5
2019-10-29 CVE-2019-0205 Infinite Loop vulnerability in multiple products
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data.
network
low complexity
apache redhat oracle CWE-835
7.5
7.5