Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/facebook/fbthrift(Go) | 0 | 0.31.1-0.20200311080807-483ed864d69f | N/A |
CVSS Metrics
