CVE-2019-0210
Panic due to out-of-bounds read in github.com/apache/thrift
7.5 HIGH (CVSS 3.1)
EPSS 1.2%
Description
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed invalid input data.
How to fix CVE-2019-0210
To remediate CVE-2019-0210, upgrade the affected package to one of the fixed versions listed below.
- Debian/thrift—upgrade to 0.13.0-2 or later
- Go/github.com/apache/thrift—upgrade to 0.13.0 or later
- —upgrade to 0.13.0 or later
Is CVE-2019-0210 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 0.13.0-2
- >= 0.9.3, < 0.13.0
- >= 0.0.0-20151001171628-53dd39833a08, < 0.13.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |