Facebook Thrift

By the Year

In 2024 there have been 0 vulnerabilities in Facebook Thrift. Thrift did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    0                  0.00
2022    0                  0.00
2021    1                  9.80
2020    3                  7.50
2019    5                  7.50
2018    0                  0.00

It may take a day or so for new Thrift vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Facebook Thrift Security Vulnerabilities

An invalid free in Thrift's table-based serialization

CVE-2021-24028 9.8 - Critical - April 14, 2021

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

Release of Invalid Pointer or Reference

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload

CVE-2019-11939 7.5 - High - March 18, 2020

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.

Allocation of Resources Without Limits or Throttling

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload

CVE-2019-3553 7.5 - High - March 10, 2020

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.

Allocation of Resources Without Limits or Throttling

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload

CVE-2019-11938 7.5 - High - March 10, 2020

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.

Allocation of Resources Without Limits or Throttling

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type

CVE-2019-3552 7.5 - High - May 06, 2019

C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

Improper Handling of Exceptional Conditions

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type

CVE-2019-3558 7.5 - High - May 06, 2019

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

Improper Handling of Exceptional Conditions

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type

CVE-2019-3559 7.5 - High - May 06, 2019

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

Improper Handling of Exceptional Conditions

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type

CVE-2019-3564 7.5 - High - May 06, 2019

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.

Improper Handling of Exceptional Conditions

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2)

CVE-2019-3565 7.5 - High - May 06, 2019

Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00.

Improper Handling of Exceptional Conditions
