CVE-2019-11938 is a vulnerability in Facebook Thrift
Published on March 10, 2020
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
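The missing check described above, as an added Java example that is not Facebook Thrift's code or its actual fix. It assumes a simplified wire layout (a 4-byte big-endian element count followed by 8-byte elements); the class, the method names and `MAX_CONTAINER_ELEMENTS` are hypothetical.

```java
import java.net.ProtocolException;
import java.nio.ByteBuffer;

public class ContainerSizeCheck {
    // Hypothetical ceiling for one container, independent of payload length.
    static final int MAX_CONTAINER_ELEMENTS = 1 << 20;
    static final int I64_WIRE_SIZE = 8;

    // Unchecked pattern: the array is sized from the declared count before
    // any element is read, so a 4-byte header can request up to
    // 2^31-1 longs (about 16 GiB).
    static long[] readI64ListUnchecked(ByteBuffer in) {
        int declared = in.getInt();
        long[] out = new long[declared];
        for (int i = 0; i < declared; i++) out[i] = in.getLong();
        return out;
    }

    // Checked pattern: reject any count the remaining payload cannot hold.
    static long[] readI64ListChecked(ByteBuffer in) throws ProtocolException {
        if (in.remaining() < 4) throw new ProtocolException("truncated list header");
        int declared = in.getInt();
        if (declared < 0 || declared > MAX_CONTAINER_ELEMENTS)
            throw new ProtocolException("list size out of range: " + declared);
        // Multiply as long so declared * 8 cannot overflow int.
        if ((long) declared * I64_WIRE_SIZE > in.remaining())
            throw new ProtocolException("list declares " + declared
                    + " elements but only " + in.remaining() + " bytes remain");
        long[] out = new long[declared];
        for (int i = 0; i < declared; i++) out[i] = in.getLong();
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: header declares Integer.MAX_VALUE elements, body carries one.
        ByteBuffer oversized = ByteBuffer.allocate(12).putInt(Integer.MAX_VALUE).putLong(1L);
        oversized.flip();
        try {
            readI64ListChecked(oversized);
        } catch (ProtocolException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Constructed sample: declared count matches the payload.
        ByteBuffer honest = ByteBuffer.allocate(20).putInt(2).putLong(7L).putLong(9L);
        honest.flip();
        System.out.println("accepted elements: " + readI64ListChecked(honest).length);
    }
}
```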
Weakness Type
Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Affected Versions
Facebook Thrift:
- Version v2019.12.09.00 is unaffected.
- Versions below v2019.12.09.00 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.