CVE-2019-11938

Vendor: Facebook
Product: Facebook Thrift
Weakness: CWE-770 · Uncontrolled resource consumption
Published: March 10, 2020
Last update: August 4, 2024

What the vulnerability does

01 Description

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.
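
The check this description implies, as an added example that is not Facebook Thrift code: compare the declared container size with the bytes that actually remain before allocating anything. The class and method names are hypothetical; the example assumes the Thrift binary protocol list header (1-byte element type, 4-byte big-endian count) and handles only i64 elements.

```java
import java.nio.ByteBuffer;

// Hypothetical reader for illustration, not Facebook Thrift code.
// Assumes a list header of 1-byte element type + 4-byte big-endian count,
// and only i64 elements (type id 10, 8 bytes each).
public class BoundedListReader {
    static final byte TYPE_I64 = 10;
    static final int I64_WIDTH = 8;

    // Pattern the description warns about: the declared count alone sizes the allocation.
    static long[] readListUnchecked(ByteBuffer in) {
        in.get();                       // element type
        int count = in.getInt();        // client-controlled
        long[] out = new long[count];   // allocated before any element is read
        for (int i = 0; i < count; i++) out[i] = in.getLong();
        return out;
    }

    // Hardened: reject a count the remaining payload cannot possibly hold.
    static long[] readListChecked(ByteBuffer in) {
        if (in.remaining() < 5) throw new IllegalArgumentException("truncated list header");
        byte type = in.get();
        int count = in.getInt();
        if (type != TYPE_I64) throw new IllegalArgumentException("unsupported element type " + type);
        if (count < 0) throw new IllegalArgumentException("negative list size " + count);
        // Long arithmetic so count * width cannot overflow int.
        if ((long) count * I64_WIDTH > in.remaining())
            throw new IllegalArgumentException("declared " + count + " elements, only "
                    + in.remaining() + " bytes remain");
        long[] out = new long[count];
        for (int i = 0; i < count; i++) out[i] = in.getLong();
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a valid list of two i64 values.
        ByteBuffer ok = ByteBuffer.allocate(21).put(TYPE_I64).putInt(2).putLong(7L).putLong(9L);
        ok.flip();
        System.out.println(readListChecked(ok).length + " elements read");

        // Constructed sample: a 5-byte message declaring 100,000,000 elements.
        ByteBuffer bad = ByteBuffer.allocate(5).put(TYPE_I64).putInt(100_000_000);
        bad.flip();
        try {
            readListChecked(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same bound applies to maps, sets, strings and binary fields: any length prefix read from the wire is checked against the remaining payload before it sizes an allocation.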

Key dates

02 Disclosure timeline

March 10, 2020: CVE published
August 4, 2024: Record updated