CVE-2020-13949

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Summary:

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Reference Links(if available):

https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E

https://lists.apache.org/thread.html/r3a1291a7ab8ee43db87cb0253371489810877028fc6e7c68dc640926@%3Cissues.hbase.apache.org%3E

https://lists.apache.org/thread.html/r27b7d3d95ffa8498899ef1c9de553d469f8fe857640a3f6e58dba640@%3Cissues.hbase.apache.org%3E

https://lists.apache.org/thread.html/r143ca388b0c83fe659db14be76889d50b453b0ee06f423181f736933@%3Cissues.hbase.apache.org%3E

https://lists.apache.org/thread.html/r515e01a30443cfa2dbb355c44c63149869afd684fb7b0344c58fa67b@%3Cissues.hbase.apache.org%3E

CVSS Score (if available)

v2: / MEDIUM

v3: /

CVE-2020-13949

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Releases One Industrial Control Systems Advisory

CISA: Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Releases One Industrial Control Systems Advisory

CISA: Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog