CVE-2019-11939 is a vulnerability in Facebook Thrift
Published on March 18, 2020
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.
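The missing check described above, as an added example that is not Facebook Thrift's code or its actual fix: a simplified decoder for a list header shaped like the Thrift binary protocol's (1-byte element type, 4-byte big-endian count) that compares the declared count with the bytes actually received before allocating. The function names, the error value, the i32-only element handling and the sample messages are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	headerLen = 5 // 1-byte element type + 4-byte big-endian count
	elemSize  = 4 // assumption: only fixed-width i32 elements are handled
)

var errSizeExceedsPayload = errors.New("declared container size exceeds remaining payload")

// declaredCount returns the element count the sender claims, unvalidated.
// A decoder that calls make([]int32, n) on this value alone has the flaw.
func declaredCount(msg []byte) (int32, error) {
	if len(msg) < headerLen {
		return 0, errors.New("truncated list header")
	}
	return int32(binary.BigEndian.Uint32(msg[1:headerLen])), nil
}

// readI32List allocates only after checking the claim against the bytes
// that actually arrived, so allocation is bounded by the message length.
func readI32List(msg []byte) ([]int32, error) {
	n, err := declaredCount(msg)
	if err != nil {
		return nil, err
	}
	// Divide rather than multiply n*elemSize so the check cannot overflow.
	if n < 0 || int(n) > (len(msg)-headerLen)/elemSize {
		return nil, errSizeExceedsPayload
	}
	out := make([]int32, n)
	for i := range out {
		off := headerLen + i*elemSize
		out[i] = int32(binary.BigEndian.Uint32(msg[off : off+elemSize]))
	}
	return out, nil
}

func main() {
	// Constructed inputs: 5 bytes claiming 2^31-1 elements, then an honest list.
	_, err := readI32List([]byte{0x08, 0x7f, 0xff, 0xff, 0xff})
	fmt.Println(err)
	fmt.Println(readI32List([]byte{0x08, 0, 0, 0, 2, 0, 0, 0, 7, 0, 0, 0, 9}))
}
```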
Weakness Type
Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Products Associated with CVE-2019-11939
Affected Versions
Facebook Thrift:
- Version v2020.03.16.00 and below unspecified is unaffected.
- Version unspecified and below v2020.03.16.00 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.