Vulnerability Report: GO-2021-0088

CVE-2019-3564, GHSA-x4rg-4545-4w7w
Affects: github.com/facebook/fbthrift
Published: Apr 14, 2021
Modified: May 20, 2024

Skip ignores unknown fields, rather than failing. A malicious user can craft small messages with unknown fields which can take significant resources to parse. If a server accepts messages from an untrusted user, it may be used as a denial of service vector.

Affected Packages

Path

Go Versions

Symbols
github.com/facebook/fbthrift/thrift/lib/go/thrift

before v0.31.1-0.20190225164308-c461c1bd1a3e
13 affected symbols

Aliases

CVE-2019-3564
GHSA-x4rg-4545-4w7w

References

https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156
https://www.facebook.com/security/advisories/cve-2019-3564
https://vuln.go.dev/ID/GO-2021-0088.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL