FAQ
Both the Subject and the heading in the body of this message do not
agree with the CVE referenced in the main text.

A correction needs to be issued.

Mark
On 02/12/2015 02:28, Jake Farrell wrote:
CVE-2015-1774

A security vulnerability was discovered in the Apache Thrift client
libraries,
CVE-2015-3254. It was determined that in some cases a remote user could
cause unlimited recursion when the skip() function was called within the
server.
This has being addressed in the Apache Thrift 0.9.3 release and was
tracked in
THRIFT-3231 [2].

Vendor: The Apache Software Foundation

Versions Affected: All Apache Thrift versions 0.9.2 and older may be
affected

Mitigation: Upgrading to the latest 0.9.3 release


-Jake Farrell

[1]: CVE-2015-3254
[2]: https://issues.apache.org/jira/browse/THRIFT-3231

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 3 | next ›
Discussion Overview
groupuser @
categoriesthrift
postedDec 2, '15 at 2:28a
activeDec 10, '15 at 6:37p
posts3
users2
websitethrift.apache.org
irc#thrift

2 users in discussion

Jake Farrell: 2 posts Mark Thomas: 1 post

People

Translate

site design / logo © 2017 Grokbase