thrift-user mailing list archives

From Jake Farrell <jfarr...@apache.org>
Subject [NOTICE]: Apache Thrift Security Vulnerability CVE-2015-1774
Date Wed, 02 Dec 2015 02:28:04 GMT
CVE-2015-1774

A security vulnerability was discovered in the Apache Thrift client libraries,
CVE-2015-3254. It was determined that in some cases a remote user could
cause unlimited recursion when the skip() function was called within the
server.
This has been addressed in the Apache Thrift 0.9.3 release and was tracked in
THRIFT-3231 [2].

Vendor: The Apache Software Foundation

Versions Affected: All Apache Thrift versions 0.9.2 and older may be affected

Mitigation: Upgrading to the latest 0.9.3 release


-Jake Farrell

[1]: CVE-2015-3254
[2]: https://issues.apache.org/jira/browse/THRIFT-3231
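
The notice above concerns unbounded recursion in skip(). As an added illustration (not code from the original message, the Apache Thrift project, or the 0.9.3 release), here is a skip routine for Thrift binary-protocol values that carries a nesting counter and checks every length against the buffer. The names `skip`, `SkipError`, `MAX_DEPTH` and its value of 64 are assumptions of this example, and the sample byte strings are constructed.

```python
import struct

# Thrift binary-protocol type ids.
STOP, BOOL, BYTE, DOUBLE, I16, I32, I64, STRING, STRUCT, MAP, SET, LIST = (
    0, 2, 3, 4, 6, 8, 10, 11, 12, 13, 14, 15)
FIXED = {BOOL: 1, BYTE: 1, DOUBLE: 8, I16: 2, I32: 4, I64: 8}
MAX_DEPTH = 64  # assumed limit for this example

# Constructed samples: struct {1: i32 7, 2: string "hi"}, and 1000 nested structs.
FLAT = b"\x08\x00\x01\x00\x00\x00\x07\x0b\x00\x02\x00\x00\x00\x02hi\x00"
NESTED = b"\x0c\x00\x01" * 1000 + b"\x00" * 1001

class SkipError(Exception):
    """Malformed, truncated or too deeply nested input."""

def _take(buf, pos, n):
    """Bounds-check n bytes at pos and return the offset after them."""
    if pos + n > len(buf):
        raise SkipError("truncated input")
    return pos + n

def _size(buf, pos):
    """Read a non-negative big-endian i32 length or element count."""
    end = _take(buf, pos, 4)
    n = struct.unpack_from(">i", buf, pos)[0]
    if n < 0:
        raise SkipError("negative size")
    return n, end

def skip(buf, pos, ttype, depth=0):
    """Return the offset just past one value of type ttype starting at pos."""
    if depth > MAX_DEPTH:  # the guard: nesting in the input cannot drive the stack
        raise SkipError("nesting exceeds MAX_DEPTH")
    if ttype in FIXED:
        return _take(buf, pos, FIXED[ttype])
    if ttype == STRING:
        size, pos = _size(buf, pos)
        return _take(buf, pos, size)
    if ttype == STRUCT:
        while True:
            _take(buf, pos, 1)
            ftype, pos = buf[pos], pos + 1
            if ftype == STOP:
                return pos
            pos = skip(buf, _take(buf, pos, 2), ftype, depth + 1)  # skip i16 field id
    if ttype in (LIST, SET, MAP):
        nkinds = 2 if ttype == MAP else 1  # a map carries key and value type bytes
        kinds = buf[pos:_take(buf, pos, nkinds)]
        count, pos = _size(buf, pos + nkinds)
        for _ in range(count):
            for kind in kinds:
                pos = skip(buf, pos, kind, depth + 1)
        return pos
    raise SkipError("unknown type id %d" % ttype)
```

With the depth check in place, `skip(NESTED, 0, STRUCT)` fails with `SkipError` after 65 levels instead of recursing once per nested struct in the input.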
