N/A

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.

N/A

不加限制或调节的资源分配

Facebook Thrift 安全漏洞

Facebook Thrift是美国Facebook公司的Apache Thrift的一个分支，是一款用于服务通信的序列化和RPC框架。 Facebook Thrift v2020.02.03.00之前版本（C++）中存在安全漏洞。攻击者可通过发送短消息利用该漏洞造成内存大量分配，导致拒绝服务。

N/A

N/A