Memory Allocation with Excessive Size in Apache Thrift < 0.23.0 (CVE-2026-43868)
CVE-2026-43868 Published on May 5, 2026
Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Weakness Type
What is a Stack Exhaustion Vulnerability?
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CVE-2026-43868 has been classified as a Stack Exhaustion vulnerability or weakness.
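The weakness described above, shown as an added Rust example that is not code from Apache Thrift or from this advisory: a length-prefixed field reader in its unchecked form beside a bounded one. The framing (a big-endian i32 length prefix), the function names and the `MAX_FIELD_BYTES` cap are assumptions made for illustration.

```rust
use std::convert::TryFrom;
use std::io::{self, Read};

// Hypothetical cap for this example; size it to the largest legitimate field.
const MAX_FIELD_BYTES: usize = 1024 * 1024;

// Read the big-endian i32 length prefix that precedes a binary field (assumed framing).
fn read_len(r: &mut impl Read) -> io::Result<i32> {
    let mut b = [0u8; 4];
    r.read_exact(&mut b)?;
    Ok(i32::from_be_bytes(b))
}

// Weak form: trusts the peer's length and allocates it before any payload arrives.
// A header claiming i32::MAX reserves about 2 GiB; a negative one wraps to a huge usize.
#[allow(dead_code)]
fn read_field_unchecked(r: &mut impl Read) -> io::Result<Vec<u8>> {
    let len = read_len(r)? as usize;
    let mut buf = vec![0u8; len];
    r.read_exact(&mut buf)?;
    Ok(buf)
}

// Hardened form: reject out-of-range lengths, then let the buffer grow with real input.
fn read_field_bounded(r: &mut impl Read) -> io::Result<Vec<u8>> {
    let len = read_len(r)?;
    let len = usize::try_from(len)
        .ok()
        .filter(|n| *n <= MAX_FIELD_BYTES)
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "field length out of range"))?;
    let mut buf = Vec::new();
    // take() stops at `len`; read_to_end() allocates as data arrives, not as claimed.
    r.take(len as u64).read_to_end(&mut buf)?;
    if buf.len() != len {
        return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "truncated field"));
    }
    Ok(buf)
}

fn main() {
    // Constructed inputs: a valid 5-byte field, and a header claiming i32::MAX bytes.
    let ok = [0, 0, 0, 5, b'h', b'e', b'l', b'l', b'o'];
    let huge = [0x7f, 0xff, 0xff, 0xff, b'x'];
    println!("{:?}", read_field_bounded(&mut &ok[..]));
    println!("{:?}", read_field_bounded(&mut &huge[..]));
}
```

The bounded reader fails on the oversized header before allocating anything, so memory use tracks the bytes actually received rather than the size the sender claims.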
Products Associated with CVE-2026-43868
Affected Versions
Apache Software Foundation Apache Thrift: versions before 0.23.0 are affected.