CVE-2018-1320 — libthrift-java - security update

Description

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.

How to fix CVE-2018-1320

To remediate CVE-2018-1320, upgrade the affected package to a fixed version below.

—upgrade to 0.9.1-2.1 or later
—upgrade to 0.9.1-2+deb8u1 or later
—upgrade to 0.9.3-1 or later

Is CVE-2018-1320 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 0.9.1-2.1
from 0, < 0.9.1-2+deb8u1
>= 0.5.0, < 0.9.3-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References (33)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-1320
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-1320
PATCHgithub.com/apache/thrift
WEBaccess.redhat.com/errata/RHSA-2019:2413
WEB