CVE-2019-0205

Name: CVE-2019-0205
Description: In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| thrift (PTS) | buster | 0.11.0-4 | vulnerable |
| | bullseye, sid | 0.11.0-6 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| thrift | source | (unstable) | (unfixed) | | | |

Notes

https://www.openwall.com/lists/oss-security/2019/10/17/1
