CVE-2019-3553

CVE-2019-3553

Vendor Facebook
Product Facebook Thrift
Weakness CWE-770 · Uncontrolled resource consumption
Published March 10, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.

Key dates

02Disclosure timeline

March 10, 2020 CVE published
August 4, 2024 Record updated