CVE-2020-13949

Summary

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aApache ThriftApache Thrift 0.9.3 to 0.13.0affected

Weaknesses

  • Potential DoS when processing untrusted Thrift payloads

ADP Enrichment

CVE Program Container

Additional References

References