Out-of-bounds read in Apache Thrift
High severity
GitHub Reviewed
Published
May 18, 2021
to the GitHub Advisory Database
•
Updated Jun 1, 2023
Package
Affected versions
>= 0.9.3, < 0.13.0
Patched versions
0.13.0
Description
Published by the National Vulnerability Database
Oct 29, 2019
Reviewed
May 17, 2021
Published to the GitHub Advisory Database
May 18, 2021
Last updated
Jun 1, 2023
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
References