Denial of Service Vulnerability in Java Facebook Thrift Servers

CVE-2019-11938 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
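
The check this advisory turns on, as an added example (not Facebook Thrift's code or its actual patch): a reader for a list of i32 values in a binary-protocol-style layout that trusts the declared count, beside one that validates the count against the bytes actually remaining before allocating. The class and method names are hypothetical, and the sample buffers are constructed.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

// Added example with hypothetical names. Assumed layout of a list header:
// 1-byte element type, 4-byte big-endian element count, then the elements.
public class ListSizeCheck {
    static final byte TYPE_I32 = 8;      // element type id for i32
    static final int I32_WIRE_SIZE = 4;  // each i32 element occupies 4 bytes

    // Behaviour described in the advisory: the declared count sizes the
    // allocation before any element bytes have been seen.
    static int[] readListUnchecked(ByteBuffer in) {
        in.get();                         // element type, ignored here
        int count = in.getInt();
        int[] out = new int[count];       // a 5-byte message can request gigabytes
        for (int i = 0; i < count; i++) out[i] = in.getInt();
        return out;
    }

    // Hardened form: reject a count the remaining payload cannot contain.
    static int[] readListChecked(ByteBuffer in) {
        if (in.remaining() < 5) throw new IllegalArgumentException("truncated list header");
        byte type = in.get();
        int count = in.getInt();
        if (type != TYPE_I32) throw new IllegalArgumentException("unexpected element type " + type);
        if (count < 0) throw new IllegalArgumentException("negative list size " + count);
        long needed = (long) count * I32_WIRE_SIZE;   // long: cannot overflow int
        if (needed > in.remaining())
            throw new IllegalArgumentException("list declares " + count + " elements ("
                + needed + " bytes) but only " + in.remaining() + " bytes remain");
        int[] out = new int[count];       // now bounded by the message size
        for (int i = 0; i < count; i++) out[i] = in.getInt();
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a well-formed list [1, 2].
        ByteBuffer ok = ByteBuffer.allocate(13).put(TYPE_I32).putInt(2).putInt(1).putInt(2);
        ok.flip();
        System.out.println(Arrays.toString(readListChecked(ok)));

        // Constructed sample: header declares Integer.MAX_VALUE elements, no payload.
        ByteBuffer bad = ByteBuffer.allocate(5).put(TYPE_I32).putInt(Integer.MAX_VALUE);
        bad.flip();
        try {
            readListChecked(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same bound applies to maps, sets and strings: the declared length multiplied by the minimum wire size of one element must fit in the bytes still unread.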
