{"containers": {"cna": {"affected": [{"product": "Facebook Thrift", "vendor": "Facebook", "versions": [{"status": "affected", "version": "v2019.02.18.00"}, {"lessThan": "v2019.02.18.00", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "dateAssigned": "2019-02-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-834", "description": "Excessive Iteration (CWE-834)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-16T05:06:08.000Z", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"}, {"tags": ["x_refsource_MISC"], "url": "https://www.facebook.com/security/advisories/cve-2019-3558"}, {"name": "108274", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108274"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-02-15", "ID": "CVE-2019-3558", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Facebook Thrift", "version": {"version_data": [{"version_affected": "!=>", "version_value": "v2019.02.18.00"}, {"version_affected": "<", "version_value": "v2019.02.18.00"}]}}]}, "vendor_name": "Facebook"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Excessive Iteration (CWE-834)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b", "refsource": "MISC", "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"}, {"name": "https://www.facebook.com/security/advisories/cve-2019-3558", "refsource": "MISC", "url": "https://www.facebook.com/security/advisories/cve-2019-3558"}, {"name": "108274", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108274"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:12:09.557Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.facebook.com/security/advisories/cve-2019-3558"}, {"name": "108274", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108274"}, {"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3558", "datePublished": "2019-05-06T15:15:02.000Z", "dateReserved": "2019-01-02T00:00:00.000Z", "dateUpdated": "2024-08-04T19:12:09.557Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:*", "matchCriteriaId": "97E99CF8-B44E-4EC9-88CB-A7F8D186F951", "versionEndExcluding": "2019.02.18.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00."}, {"lang": "es", "value": "Los servidores Python de Facebook Thrift no cometer\u00edan errores al recibir mensajes con tit\u00falares de campos de tipo desconocido. Como resultado, los clientes maliciosos podr\u00edan enviar mensajes cortos, lo que llevar\u00eda mucho tiempo de an\u00e1lisis por parte del servidor, lo que podr\u00eda llevar a una Denegaci\u00f3n de Servicio (DoS). Este problema afecta a Facebook Thrift anterior a la versi\u00f3n v2019.02.18.00."}], "id": "CVE-2019-3558", "lastModified": "2024-11-21T04:42:09.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-06T16:29:00.990", "references": [{"source": "cve-assign@fb.com", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/108274"}, {"source": "cve-assign@fb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"}, {"source": "cve-assign@fb.com", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "cve-assign@fb.com", "tags": ["Vendor Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2019-3558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/108274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2019-3558"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-834"}], "source": "cve-assign@fb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}