CVE-2019-0205

{"id": "CVE-2019-0205", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-10-29T19:15:15.877", "references": [{"url": "http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0804", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0805", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0806", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0811", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8%40%3Ccommits.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/07bd68ad237a5d513751d6d2731a8828f902c738ea57d85c1a72bad3%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/0d058e1bfd11727c4f2e2adf4b6e403a47c38e22431ab20066a1ac79%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/1193444c17f499f92cd198d464a2c1ffc92182c83487345a854914b3%40%3Cuser.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/1c18ec6ebfea0a9211992be952e8b33d0fda202c077979b84a5e09a8%40%3Cuser.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/3dfa054b89274c9109c26ed1843ca15a14c03786f4016d26773878ae%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/928cae83d20d8d8196c26118f7084aa37573e1d31162381fb9454fb5%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/9f7150d0b02e72d1154721a412e80cf797f1b7cfa295fcefc67b1381%40%3Ccommits.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/a9669756befaeb0f8e08766d3f4d410a0fce85da3a570506f71f0b67%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r0c606d4be9aa163d132edf8edd8eb55e7b9464063b99acbbf6e9e287%40%3Cissues.hive.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r0d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r1b1a92c229ead94d53b3bcde9e624d002b54f1c6fdb830b9f4da20e1%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0%40%3Ccommits.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08%40%3Cdev.hive.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r53c03e1c979b9c628d0d65e0f49dd9a9f9d7572838727ad11b750575%40%3Cuser.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff%40%3Ccommits.pulsar.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r569b2b3da41ff45bfacfca6787a4a8728edd556e185b69b140181d9d%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a%40%3Ccommits.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r67a704213d13326771f46c84bbd84c8281bb93946e155e0e40abcb4c%40%3Ccommits.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d%40%3Cissues.hive.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r7859e767c90c8f4971dec50f801372aa64e88f143c3e8a265a36f9b4%40%3Cuser.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625%40%3Cuser.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r934f312dd5add7276ac2de684d8b237554ff9f34479a812df5fd6aee%40%3Ccommits.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rb139fa1d2714822d8c6e6f3bd6f5d5c91844d313201185c409288fd9%40%3Ccommits.cassandra.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rba61c1f3a3b1960a6a694775b1a437751eba0825f30188f69387fe90%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rce0d368a78b42c545f26c2e6e91e2b8a91b27b60d0cb45fe1911d337%40%3Cnotifications.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re387dc6ca11cb0b0ce4de8e800bb91ca50fee054b80105f5cd34adcb%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce%40%3Cdev.thrift.apache.org%3E", "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/202107-32", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings."}, {"lang": "es", "value": "En Apache Thrift, todas las versiones hasta 0.12.0 incluy\u00e9ndola, un servidor o cliente pueden correr en un bucle sin fin cuando es alimentado con datos de entrada espec\u00edficos. Debido a que el problema ya se hab\u00eda solucionado parcialmente en la versi\u00f3n 0.11.0, dependiendo de la versi\u00f3n instalada, solo afecta a determinados enlaces de idiomas."}], "lastModified": "2023-11-07T03:01:49.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DED80D8-FA6B-4B92-B8D1-EC299E2247EF", "versionEndIncluding": "0.12.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0FEFCDD-A212-4525-B449-2C4A00A0D2E9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE6EF8F-1F05-429B-A916-76FDB20CEB81"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}