[Bugs] [Bug 13328] New: [CVE 21] thrift 0.10.0 CVEs found

bugzilla bugzilla на rosalinux.ru
Ср Май 3 17:03:30 MSK 2023 

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13328

          Platform: 2021.1
            Bug ID: 13328
           Summary: [CVE 21] thrift 0.10.0  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2018-11798, CVE-2018-1320, CVE-2019-0210,
                    CVE-2019-11938, CVE-2019-11939, CVE-2019-3552,
                    CVE-2019-3553, CVE-2019-3558, CVE-2019-3559,
                    CVE-2019-3564, CVE-2019-3565, CVE-2020-13949,
                    CVE-2021-24028,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package thrift version 0.10.0

INFO (CVEs are): thrift 0.10.0
 cves found
CVE-2018-11798
Desc: The Apache Thrift Node.js static web server in versions 0.9.2 through
0.11.0 have been determined to contain a security vulnerability in which a
remote user has the ability to access files outside the set webservers docroot
path.
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-11798
Severity: MEDIUM
CVE-2018-1320
Desc: Apache Thrift Java client library versions 0.5.0 through 0.11.0 can
bypass SASL negotiation isComplete validation in the
org.apache.thrift.transport.TSaslTransport class. An assert used to determine
if the SASL handshake had successfully completed could be disabled in
production settings making the validation incomplete.
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-1320
Severity: HIGH
CVE-2019-0210
Desc: In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using
TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input
data.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-0210
Severity: HIGH
CVE-2019-11938
Desc: Java Facebook Thrift servers would not error upon receiving messages
declaring containers of sizes larger than the payload. As a result, malicious
clients could send short messages which would result in a large memory
allocation, potentially leading to denial of service. This issue affects
Facebook Thrift prior to v2019.12.09.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-11938
Severity: HIGH
CVE-2019-11939
Desc: Golang Facebook Thrift servers would not error upon receiving messages
declaring containers of sizes larger than the payload. As a result, malicious
clients could send short messages which would result in a large memory
allocation, potentially leading to denial of service. This issue affects
Facebook Thrift prior to v2020.03.16.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-11939
Severity: HIGH
CVE-2019-3552
Desc: C++ Facebook Thrift servers (using cpp2) would not error upon receiving
messages with containers of fields of unknown type. As a result, malicious
clients could send short messages which would take a long time for the server
to parse, potentially leading to denial of service. This issue affects Facebook
Thrift prior to v2019.02.18.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3552
Severity: HIGH
CVE-2019-3553
Desc: C++ Facebook Thrift servers would not error upon receiving messages
declaring containers of sizes larger than the payload. As a result, malicious
clients could send short messages which would result in a large memory
allocation, potentially leading to denial of service. This issue affects
Facebook Thrift prior to v2020.02.03.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3553
Severity: HIGH
CVE-2019-3558
Desc: Python Facebook Thrift servers would not error upon receiving messages
with containers of fields of unknown type. As a result, malicious clients could
send short messages which would take a long time for the server to parse,
potentially leading to denial of service. This issue affects Facebook Thrift
prior to v2019.02.18.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3558
Severity: HIGH
CVE-2019-3559
Desc: Java Facebook Thrift servers would not error upon receiving messages with
containers of fields of unknown type. As a result, malicious clients could send
short messages which would take a long time for the server to parse,
potentially leading to denial of service. This issue affects Facebook Thrift
prior to v2019.02.18.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3559
Severity: HIGH
CVE-2019-3564
Desc: Go Facebook Thrift servers would not error upon receiving messages with
containers of fields of unknown type. As a result, malicious clients could send
short messages which would take a long time for the server to parse,
potentially leading to denial of service. This issue affects Facebook Thrift
prior to v2019.03.04.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3564
Severity: HIGH
CVE-2019-3565
Desc: Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not
error upon receiving messages with containers of fields of unknown type. As a
result, malicious clients could send short messages which would take a long
time for the server to parse, potentially leading to denial of service. This
issue affects Facebook Thrift prior to v2019.05.06.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3565
Severity: HIGH
CVE-2020-13949
Desc: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short
messages which would result in a large memory allocation, potentially leading
to denial of service.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13949
Severity: HIGH
CVE-2021-24028
Desc: An invalid free in Thrift's table-based serialization can cause the
application to crash or potentially result in code execution or other
undesirable effects. This issue affects Facebook Thrift prior to
v2021.02.22.00.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-24028
Severity: CRITICAL

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/0b43c87d/attachment-0001.html>

Подробная информация о списке рассылки Bugs