GCVE - cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Facebook (`c319c35a-3469-5baa-b3bd-8582d1206a92`)
Product	Thrift (`861be75d-46b5-5f10-9c7a-1b90335a46fb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/facebook/fbthrift`	purl2cpe	2026-06-01 10:11:42.932869

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-45863`	vulnerable	2026-06-03 14:56:59.266290	Details available A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. Published: 2024-09-27T13:50:29.254Z Updated: 2024-09-27T14:29:01.158Z Open on db.gcve.eu Reference links https://www.facebook.com/security/advisories/cve-2024-45863	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45773`	vulnerable	2026-06-03 14:56:58.648224	Details available A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00. Published: 2024-09-27T13:49:54.031Z Updated: 2024-09-27T14:30:23.721Z Open on db.gcve.eu Reference links https://www.facebook.com/security/advisories/cve-2024-45773	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24028`	vulnerable	2026-06-03 14:43:55.984230	Details available An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. Published: 2021-04-13T23:20:13.000Z Updated: 2024-08-03T19:21:17.258Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339 https://www.facebook.com/security/advisories/cve-2021-24028	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3565`	vulnerable	2026-06-03 14:40:26.575108	Details available Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.05.06.00. Published: 2019-05-06T15:15:02.000Z Updated: 2024-08-04T19:12:09.598Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64 https://www.facebook.com/security/advisories/cve-2019-3565 http://www.securityfocus.com/bid/108280 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3564`	vulnerable	2026-06-03 14:40:26.574729	Details available Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00. Published: 2019-05-06T15:15:02.000Z Updated: 2024-08-04T19:12:09.508Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156 https://www.facebook.com/security/advisories/cve-2019-3564 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3559`	vulnerable	2026-06-03 14:40:26.570167	Details available Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. Published: 2019-05-06T15:15:02.000Z Updated: 2024-08-04T19:12:09.476Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943 https://www.facebook.com/security/advisories/cve-2019-3559 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3558`	vulnerable	2026-06-03 14:40:26.569818	Details available Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. Published: 2019-05-06T15:15:02.000Z Updated: 2024-08-04T19:12:09.557Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b https://www.facebook.com/security/advisories/cve-2019-3558 http://www.securityfocus.com/bid/108274 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3553`	vulnerable	2026-06-03 14:40:26.563454	Details available C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. Published: 2020-03-10T20:30:21.000Z Updated: 2024-08-04T19:12:09.503Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351 https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6 https://www.facebook.com/security/advisories/cve-2019-3553	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-3552`	vulnerable	2026-06-03 14:40:26.562980	Details available C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00. Published: 2019-05-06T15:15:02.000Z Updated: 2024-08-04T19:12:09.356Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b http://www.securityfocus.com/bid/108279 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11939`	vulnerable	2026-06-03 14:39:34.055431	Details available Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. Published: 2020-03-18T00:40:12.000Z Updated: 2024-08-04T23:10:29.633Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757 https://www.facebook.com/security/advisories/cve-2019-11939	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11938`	vulnerable	2026-06-03 14:39:34.054933	Details available Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. Published: 2020-03-10T20:30:20.000Z Updated: 2024-08-04T23:10:29.610Z Open on db.gcve.eu Reference links https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030 https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3 https://www.facebook.com/security/advisories/cve-2019-11938	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.