| Release | Version |
|---|---|
| bullseye | 0.13.0-6 |
| bookworm | 0.17.0-2 |
| trixie | 0.19.0-4 |
| forky | 0.23.0-3 |
| sid | 0.23.0-3 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-41607 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects ... |
| CVE-2026-41606 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Uncontrolled Recursion vulnerability in Apache Thrift. This issue aff ... |
| CVE-2026-41603 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Improper Validation of Certificate with Host Mismatch vulnerability in ... |
| CVE-2026-41602 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedT ... |
| CVE-2025-48431 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Mismatched Memory Management Routines vulnerability in Apache Thrift c ... |
| CVE-2020-13949 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ... |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-43870 | vulnerable | vulnerable | vulnerable | fixed | fixed | Origin Validation Error, Improper Limitation of a Pathname to a Restri ... |
| CVE-2026-43869 | vulnerable | vulnerable | vulnerable | fixed | fixed | Improper Validation of Certificate with Host Mismatch vulnerability in ... |
| CVE-2026-43868 | vulnerable | vulnerable | vulnerable | fixed | fixed | Memory Allocation with Excessive Size Value vulnerability in Apache Th ... |
| CVE-2026-41636 | vulnerable | vulnerable | vulnerable | fixed | fixed | Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings ... |
| CVE-2026-41605 | vulnerable | vulnerable | vulnerable | fixed | fixed | Integer Overflow or Wraparound vulnerability in Apache Thrift. This i ... |
| CVE-2026-41604 | vulnerable | vulnerable | vulnerable | fixed | fixed | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects ... |
| Bug | Description |
|---|---|
| CVE-2019-0210 | In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJS ... |
| CVE-2019-0205 | In Apache Thrift all versions up to and including 0.12.0, a server or ... |
| CVE-2018-11798 | The Apache Thrift Node.js static web server in versions 0.9.2 through ... |
| CVE-2016-5397 | The Apache Thrift Go client library exposed the potential during code ... |