thrift-user mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: [NOTICE]: Apache Thrift Security Vulnerability CVE-2015-1774
Date Wed, 09 Dec 2015 10:23:27 GMT
Both the Subject and the heading in the body of this message do not
agree with the CVE referenced in the main text.

A correction needs to be issued.

Mark

On 02/12/2015 02:28, Jake Farrell wrote:
> CVE-2015-1774
> 
> A security vulnerability was discovered in the Apache Thrift client
> libraries, CVE-2015-3254. It was determined that in some cases a remote
> user could cause unlimited recursion when the skip() function was called
> within the server. This has been addressed in the Apache Thrift 0.9.3
> release and was tracked in THRIFT-3231 [2].
> 
> Vendor: The Apache Software Foundation
> 
> Versions Affected: All Apache Thrift versions 0.9.2 and older may be affected
> 
> Mitigation: Upgrading to the latest 0.9.3 release
> 
> 
> -Jake Farrell
> 
> [1]: CVE-2015-3254
> [2]: https://issues.apache.org/jira/browse/THRIFT-3231
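
Added example, not part of this thread and not Apache Thrift's own code: a simplified skip over Thrift binary-protocol values, showing how a depth bound stops nested structs and containers sent by a peer from driving the recursion the notice describes. The function names, the `MAX_DEPTH` value of 64 and the byte strings are assumptions constructed for illustration.

```python
import struct

# Thrift binary-protocol TType ids; FIXED maps fixed-width types to byte size.
STOP, STRING, STRUCT, MAP, SET, LIST = 0, 11, 12, 13, 14, 15
FIXED = {2: 1, 3: 1, 4: 8, 6: 2, 8: 4, 10: 8}  # bool, byte, double, i16, i32, i64
MAX_DEPTH = 64  # assumed limit for this example, not taken from the notice

class DepthLimitError(Exception):
    """A value nests deeper than MAX_DEPTH."""

def _take(buf, pos, n):  # bounds-check n bytes at pos, return offset after them
    if n < 0 or pos + n > len(buf):
        raise ValueError("truncated input or negative length")
    return pos + n

def skip(buf, pos, ttype, depth=0):
    """Return the offset just past one value of type ttype starting at pos."""
    if depth > MAX_DEPTH:  # without this bound, nesting depth is peer-controlled
        raise DepthLimitError("nesting deeper than %d" % MAX_DEPTH)
    if ttype in FIXED:
        return _take(buf, pos, FIXED[ttype])
    if ttype == STRING:  # 4-byte big-endian length, then the bytes
        _take(buf, pos, 4)
        return _take(buf, pos + 4, struct.unpack_from(">i", buf, pos)[0])
    if ttype == STRUCT:  # fields of (type, i16 id, value) until a STOP byte
        while True:
            _take(buf, pos, 1)
            if buf[pos] == STOP:
                return pos + 1
            pos = skip(buf, _take(buf, pos + 1, 2), buf[pos], depth + 1)
    if ttype in (LIST, SET, MAP):  # element type(s), i32 count, elements
        fmt = ">bbi" if ttype == MAP else ">bi"
        end = _take(buf, pos, struct.calcsize(fmt))
        *etypes, count = struct.unpack_from(fmt, buf, pos)
        _take(buf, end, count)  # every element is >= 1 byte; rejects bad counts
        for _ in range(count):
            for etype in etypes:
                end = skip(buf, end, etype, depth + 1)
        return end
    raise ValueError("unknown type id %d" % ttype)

FLAT = b"\x08\x00\x01\x00\x00\x00\x07\x0b\x00\x02\x00\x00\x00\x02hi\x00"  # constructed: {1: i32 7, 2: "hi"}
DEEP = b"\x0c\x00\x01" * 1000 + b"\x00" * 1001  # constructed: 1000 nested structs

def try_skip_struct(buf):  # end offset, or None when nesting is too deep
    try:
        return skip(buf, 0, STRUCT)
    except DepthLimitError:
        return None
```

`try_skip_struct(FLAT)` walks the whole 17-byte struct, while `try_skip_struct(DEEP)` stops at the depth bound instead of recursing once per nested struct.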

