VDB
CNVD-2021-11836
CNVD-2021-11836
PUBLISHED
Apache Thrift是一款可伸缩的跨语言服务开发框架。 Apache Thrift存在拒绝服务漏洞,允许恶意RPC客户端发送超短消息,分配超大内存分配,可使应用程序崩溃。目前没有详细漏洞细节提供。
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Apache Thrift | Apache Thrift 0.9.3 to 0.13.0 |
Exploit Intelligence
- https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
…and 156 more exploits
Timeline
- Feb 12, 2018 CVE Published
- Jun 28, 2021 PoC Published
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Jun 7, 2022 PoC Published
- Sep 16, 2022 PoC Published
- Nov 21, 2023 PoC Published
- Dec 8, 2023 PoC Published
- Dec 11, 2023 PoC Published
- Mar 1, 2024 PoC Published
- Apr 5, 2024 PoC Published
References
- https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E url
- [hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central mailing-list
- [thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement mailing-list
- [hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
…and 88 more