CVE-2021-45606
PUBLISHED
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Risk Scores
EPSS Score: 0.28% (51.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Apache Thrift | Apache Thrift 0.9.3 to 0.13.0 |
Timeline
- Jun 28, 2021 PoC Published
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 15, 2021 CVE Published
- Dec 18, 2021 PoC Published
- Dec 26, 2021 EPSS Score
- Feb 18, 2022 EPSS Score
- Apr 13, 2022 EPSS Score
- Jun 6, 2022 EPSS Score
- Jun 7, 2022 PoC Published
- Jul 31, 2022 EPSS Score
- Sep 16, 2022 PoC Published
References
- https://access.redhat.com/errata/RHSA-2021:5130 advisory
- https://access.redhat.com/errata/RHBA-2021:5114 advisory
- https://access.redhat.com/errata/RHSA-2021:5138 advisory
- https://access.redhat.com/errata/RHSA-2021:5132 advisory
- https://access.redhat.com/errata/RHSA-2021:5126 advisory
- https://access.redhat.com/errata/RHSA-2021:5134 advisory
- https://access.redhat.com/errata/RHSA-2021:5133 advisory
- https://access.redhat.com/errata/RHSA-2021:5108 advisory
- https://access.redhat.com/errata/RHSA-2021:5093 advisory
- https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E url
- [hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949 mailing-list
- [thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central mailing-list
…and 97 more