CVE-2019-3553 is a vulnerability in Facebook Thrift
Published on March 10, 2020
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.
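The missing check described above, shown as an added example (this is not Facebook Thrift's code). It assumes a simplified wire format of a 4-byte big-endian element count followed by 4-byte integers; `decodeList`, `naiveReserveBytes` and the sample messages are hypothetical names constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified wire format (assumption, not Thrift's real encoding):
// 4-byte big-endian element count, then that many 4-byte big-endian int32s.
constexpr std::size_t kElemSize = 4;

static std::uint32_t readU32(const std::uint8_t* p) {
  return (std::uint32_t(p[0]) << 24) | (std::uint32_t(p[1]) << 16) |
         (std::uint32_t(p[2]) << 8) | std::uint32_t(p[3]);
}

// Bytes a decoder would reserve if it trusted the declared count.
std::uint64_t naiveReserveBytes(const std::vector<std::uint8_t>& msg) {
  if (msg.size() < 4) return 0;
  return std::uint64_t(readU32(msg.data())) * sizeof(std::int32_t);
}

// Hardened decode: reject the message before allocating if the declared
// count cannot fit in the bytes that actually arrived.
bool decodeList(const std::vector<std::uint8_t>& msg,
                std::vector<std::int32_t>& out) {
  out.clear();
  if (msg.size() < 4) return false;
  const std::uint32_t count = readU32(msg.data());
  const std::size_t remaining = msg.size() - 4;
  // Division avoids integer overflow in count * kElemSize.
  if (count > remaining / kElemSize) return false;
  out.reserve(count);  // now bounded by the payload size
  for (std::uint32_t i = 0; i < count; ++i)
    out.push_back(static_cast<std::int32_t>(readU32(&msg[4 + i * kElemSize])));
  return true;
}

// Constructed samples: an 8-byte message declaring 0x7fffffff elements,
// and a well-formed list holding 7 and -2.
std::vector<std::uint8_t> oversizedSample() {
  return {0x7f, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01};
}
std::vector<std::uint8_t> validSample() {
  return {0, 0, 0, 2, 0, 0, 0, 7, 0xff, 0xff, 0xff, 0xfe};
}

int main() {
  std::vector<std::int32_t> out;
  std::printf("naive reserve: %llu bytes\n", (unsigned long long)naiveReserveBytes(oversizedSample()));
  std::printf("oversized accepted: %d\n", decodeList(oversizedSample(), out));
}
```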
Weakness Type
Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Products Associated with CVE-2019-3553
Affected Versions
Facebook Thrift:
- Version v2020.02.03.00 is unaffected.
- Versions prior to v2020.02.03.00 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.