CVE-2019-0205

Summary

CVE	CVE-2019-0205
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-10-29 19:15:00 UTC
Updated	2023-11-07 03:01:00 UTC
Description	In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

Risk And Classification

Problem Types: CWE-835

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Thrift	All	All	All	All
Application	Oracle	Communications Cloud Native Core Network Slice Selection Function	1.2.1	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	8.0	All	All	All
Application	Redhat	Jboss Enterprise Application Platform	7.2.0	All	All	All
Application	Redhat	Jboss Enterprise Application Platform	7.2.0	All	All	All

References

Reference	Source	Link	Tags
[hive-issues] 20210915 [jira] [Resolved] (HIVE-22738) CVE-2019-0205		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
[cassandra-commits] 20210924 [jira] [Assigned] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org
[cassandra-commits] 20210415 [jira] [Commented] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4		lists.apache.org
[cassandra-user] 20211004 Vulnerability in libthrift library (CVE-2019-0205)		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Oracle Critical Patch Update Advisory - July 2021	N/A	www.oracle.com
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org
Subject: [SECURITY] CVE-2019-0205 Announcement	MISC	mail-archives.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
[cassandra-user] 20211005 Re: Vulnerability in libthrift library (CVE-2019-0205)		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Apache Thrift: Multiple vulnerabilities (GLSA 202107-32) — Gentoo security	GENTOO	security.gentoo.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
[cassandra-commits] 20210415 [jira] [Updated] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4		lists.apache.org
Pony Mail!		lists.apache.org
[cassandra-user] 20211004 Re: Vulnerability in libthrift library (CVE-2019-0205)		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Patch, Vendor Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

710036 Gentoo Linux Apache Thrift Multiple vulnerabilities (GLSA 202107-32)