Candidate: CVE-2019-3559 PublicDate: 2019-05-06 16:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3559 https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943 https://www.facebook.com/security/advisories/cve-2019-3559 Description: Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. Ubuntu-Description: Notes: sbeattie> thrift has fixed version under lib/java, but vulnerable version under lib/javame; however, it does not appear to be used during the build. Bugs: Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] Patches_hhvm: upstream_hhvm: needs-triage precise/esm_hhvm: DNE trusty/esm_hhvm: DNE xenial_hhvm: ignored (end of standard support, was needs-triage) bionic_hhvm: needs-triage cosmic_hhvm: DNE disco_hhvm: DNE eoan_hhvm: DNE focal_hhvm: DNE groovy_hhvm: DNE hirsute_hhvm: DNE impish_hhvm: DNE jammy_hhvm: DNE devel_hhvm: DNE Patches_libthrift-java: upstream_libthrift-java: needs-triage precise/esm_libthrift-java: DNE trusty/esm_libthrift-java: DNE xenial_libthrift-java: ignored (end of standard support, was needed) bionic_libthrift-java: needed cosmic_libthrift-java: ignored (reached end-of-life) disco_libthrift-java: DNE eoan_libthrift-java: DNE focal_libthrift-java: DNE groovy_libthrift-java: DNE hirsute_libthrift-java: DNE impish_libthrift-java: not-affected (0.13.0-1) jammy_libthrift-java: not-affected (0.13.0-1) devel_libthrift-java: not-affected (0.13.0-1) Patches_thrift: upstream: https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943 upstream_thrift: needs-triage precise/esm_thrift: DNE trusty/esm_thrift: DNE xenial_thrift: DNE bionic_thrift: DNE cosmic_thrift: DNE disco_thrift: DNE eoan_thrift: not-affected focal_thrift: not-affected groovy_thrift: not-affected hirsute_thrift: not-affected impish_thrift: not-affected jammy_thrift: not-affected devel_thrift: not-affected