VDB
CVE-2018-11798
CVE-2018-11798
PUBLISHED
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
EPSS 0.40% · 61.2th percentile
Risk Scores
EPSS Score
0.40%
61.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Apache Thrift | Apache Thrift 0.9.3 to 0.13.0 |
Exploit Intelligence
- ossf-cve-benchmark/CVE-2018-11798 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-11798 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-11798 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-11798 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-11798 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-11798 (github-poc-repo)
- https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (circl)
- [hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 (circl)
…and 249 more exploits
Timeline
- Jan 7, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 10, 2021 CVE Updated
- Jun 23, 2021 EPSS Score
- Jun 28, 2021 PoC Published
- Aug 24, 2021 EPSS Score
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
References
- https://www.ibm.com/support/pages/node/6596145 advisory
- https://www.ibm.com/support/pages/node/6596155 advisory
- https://www.ibm.com/support/pages/node/6596085 advisory
- https://www.ibm.com/support/pages/node/6572497 advisory
- https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E url
- [hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central mailing-list
- [thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement mailing-list
- [hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
…and 92 more