CVE-2019-3559

2019-05-0615:15:02

CWE-834

facebook

www.cve.org

0.003 Low

EPSS

Percentile

70.0%

JSON

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

CNA Affected

[
  {
    "product": "Facebook Thrift",
    "vendor": "Facebook",
    "versions": [
      {
        "status": "affected",
        "version": "v2019.02.18.00"
      },
      {
        "lessThan": "v2019.02.18.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]