CVE-2019-0205

NameCVE-2019-0205
DescriptionIn Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
thrift (PTS)buster0.11.0-4vulnerable
bullseye0.13.0-6fixed
bookworm0.17.0-2fixed
trixie0.19.0-2fixed
sid0.19.0-2.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
thriftsourceexperimental0.13.0-1
thriftsource(unstable)0.13.0-2

Notes

[buster] - thrift <no-dsa> (Minor issue)
https://www.openwall.com/lists/oss-security/2019/10/17/1
Search for package or bug name: Reporting problems