CVE-2015-1774

A security vulnerability was discovered in the Apache Thrift client libraries,
CVE-2015-3254. It was determined that in some cases a remote user could
cause unlimited recursion when the skip() function was called within the
server.
This has been addressed in the Apache Thrift 0.9.3 release and was tracked in
THRIFT-3231 [2].

Vendor: The Apache Software Foundation

Versions Affected: All Apache Thrift versions 0.9.2 and older may be affected

Mitigation: Upgrading to the latest 0.9.3 release


-Jake Farrell

[1]: CVE-2015-3254
[2]: https://issues.apache.org/jira/browse/THRIFT-3231
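
The failure mode the advisory describes, shown from the defensive side: a skip() over Thrift binary-protocol values that counts container nesting and stops at a fixed limit. This is an added example, not code from the Thrift project or from this thread; Reader, skip, MAX_DEPTH (and its value of 64), DepthLimitError and nested_structs are names and values assumed for the illustration.

```python
import struct

# Thrift binary protocol type ids; FIXED maps fixed-width types to byte sizes
STOP, STRING, STRUCT, MAP, SET, LIST = 0, 11, 12, 13, 14, 15
FIXED = {2: 1, 3: 1, 4: 8, 6: 2, 8: 4, 10: 8}  # bool, byte, double, i16, i32, i64
MAX_DEPTH = 64  # limit assumed for this example

class DepthLimitError(Exception):
    """Raised when containers nest deeper than MAX_DEPTH."""

class Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def read(self, n):
        if n < 0 or self.pos + n > len(self.data):
            raise ValueError("truncated or malformed input")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def i32(self):
        return struct.unpack(">i", self.read(4))[0]

def skip(r, ttype, depth=0):
    """Skip one value of ttype; depth counts enclosing containers."""
    if depth > MAX_DEPTH:
        raise DepthLimitError("nesting deeper than %d" % MAX_DEPTH)
    if ttype in FIXED:
        r.read(FIXED[ttype])
    elif ttype == STRING:
        r.read(r.i32())
    elif ttype == STRUCT:
        while (ftype := r.read(1)[0]) != STOP:
            r.read(2)  # field id
            skip(r, ftype, depth + 1)
    elif ttype in (LIST, SET):
        etype, count = r.read(1)[0], r.i32()
        for _ in range(count):
            skip(r, etype, depth + 1)
    elif ttype == MAP:
        ktype, vtype, count = r.read(1)[0], r.read(1)[0], r.i32()
        for _ in range(count):
            skip(r, ktype, depth + 1)
            skip(r, vtype, depth + 1)
    else:
        raise ValueError("unknown type id %d" % ttype)

def nested_structs(levels):
    """Constructed sample: `levels` structs, each nested in field 1 of the last."""
    return b"\x0c\x00\x01" * (levels - 1) + b"\x00" * levels
```

Without the depth check, the nesting of the incoming message alone decides how deep skip() recurses; with it, an over-nested message is rejected after a bounded number of calls.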


  • Mark Thomas at Dec 9, 2015 at 10:23 am
    Both the Subject and the heading in the body of this message do not
    agree with the CVE referenced in the main text.

    A correction needs to be issued.

    Mark
    On 02/12/2015 02:28, Jake Farrell wrote:
    CVE-2015-1774

    A security vulnerability was discovered in the Apache Thrift client libraries,
    CVE-2015-3254. It was determined that in some cases a remote user could
    cause unlimited recursion when the skip() function was called within the
    server.
    This has been addressed in the Apache Thrift 0.9.3 release and was tracked in
    THRIFT-3231 [2].

    Vendor: The Apache Software Foundation

    Versions Affected: All Apache Thrift versions 0.9.2 and older may be affected

    Mitigation: Upgrading to the latest 0.9.3 release


    -Jake Farrell

    [1]: CVE-2015-3254
    [2]: https://issues.apache.org/jira/browse/THRIFT-3231
  • Jake Farrell at Dec 10, 2015 at 6:37 pm
    The CVE notice that went out in our board report was correct, CVE-2015-3254.
    Please disregard CVE-2015-1774, not sure where that came in from.

    -Jake



    On Wed, Dec 9, 2015 at 5:23 AM, Mark Thomas wrote:

    Both the Subject and the heading in the body of this message do not
    agree with the CVE referenced in the main text.

    A correction needs to be issued.

    Mark
    On 02/12/2015 02:28, Jake Farrell wrote:
    CVE-2015-1774

    A security vulnerability was discovered in the Apache Thrift client libraries,
    CVE-2015-3254. It was determined that in some cases a remote user could
    cause unlimited recursion when the skip() function was called within the
    server.
    This has been addressed in the Apache Thrift 0.9.3 release and was tracked in
    THRIFT-3231 [2].

    Vendor: The Apache Software Foundation

    Versions Affected: All Apache Thrift versions 0.9.2 and older may be affected

    Mitigation: Upgrading to the latest 0.9.3 release


    -Jake Farrell

    [1]: CVE-2015-3254
    [2]: https://issues.apache.org/jira/browse/THRIFT-3231
