Candidate: CVE-2019-0210
PublicDate: 2019-10-29 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0210
 https://www.openwall.com/lists/oss-security/2019/10/17/2
Description:
 In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using
 TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input
 data.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Alexandre Fiori
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_thrift:
upstream_thrift: needs-triage
precise/esm_thrift: DNE
trusty_thrift: ignored (out of standard support)
trusty/esm_thrift: DNE
xenial_thrift: DNE
bionic_thrift: DNE
disco_thrift: DNE
eoan_thrift: ignored (reached end-of-life)
focal_thrift: not-affected (0.13.0-2build1)
devel_thrift: not-affected (0.13.0-2build1)