CVE-2019-3559 is a vulnerability in Facebook Thrift
Published on May 6, 2019
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.
Weakness Type
Excessive Iteration
The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the software or its host system; it depends on the amount of resources consumed per iteration.
Products Associated with CVE-2019-3559
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-3559 are published in Facebook Thrift:
Affected Versions
Facebook Thrift:- Version v2019.02.18.00 is affected.
- Version unspecified and below v2019.02.18.00 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.