Vulnerability Name:

CVE-2020-13949 (CCN-196738)

Assigned: 2020-06-08
Published: 2021-02-11
Updated: 2022-04-04
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-400
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2020-13949

Source: XF
Type: UNKNOWN
apache-cve202013949-dos(196738)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210317 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[hbase-issues] 20210301 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210316 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 merged pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210825 [jira] [Resolved] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210310 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-issues] 20210609 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210415 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)

Source: MLIST
Type: Mailing List, Vendor Advisory
[thrift-user] 20210312 RE: Thrift 0.13 micro for CVE-2020-13949?

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-issues] 20210510 [jira] [Assigned] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due

Source: MLIST
Type: Mailing List, Vendor Advisory
[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11251: [Backport] suppress CVE-2020-13949 again for a time

Source: MLIST
Type: Mailing List, Patch, Vendor Advisory
[camel-commits] 20210823 [camel] branch main updated: CAMEL-16880: camel-thrift - Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949 (#5976)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[camel-commits] 20210824 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210309 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210623 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210303 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210215 [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210310 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] Apache9 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210216 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210312 [GitHub] [hbase] pankaj72981 commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 closed pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[pulsar-commits] 20210607 [GitHub] [pulsar] lhotari commented on issue #9248: Upgrade Thrift dependency in broker to solve CVE-2019-0210, CVE-2019-0205 and CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 opened a new pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)

Source: MLIST
Type: Mailing List, Vendor Advisory
[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 edited a comment on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] apurtell commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[thrift-notifications] 20210317 [GitHub] [thrift] cyril867 commented on pull request #2208: THRIFT-5237 Implement MAX_MESSAGE_SIZE and consolidate limits into a TConfiguration class (c_glib)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-commits] 20210324 [hbase] branch branch-2.2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3086)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210308 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MISC
Type: Mailing List, Vendor Advisory
https://lists.apache.org/thread.html/r43dc2b2e928e9d845b07ac075634cb759d91bb852421dc282f87a74a%40%3Cdev.thrift.apache.org%3E

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210311 [GitHub] [hbase] pankaj72981 opened a new pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210819 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210326 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[camel-commits] 20210823 [GitHub] [camel] zhfeng commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210312 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-issues] 20210609 [jira] [Resolved] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-issues] 20210510 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210319 [jira] [Comment Edited] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210302 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)

Source: MLIST
Type: Mailing List, Vendor Advisory
[thrift-user] 20210927 Analysis and guidelines concerning CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210825 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)

Source: MLIST
Type: Mailing List, Vendor Advisory
[camel-commits] 20210823 [GitHub] [camel] zhfeng opened a new pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-issues] 20210530 [jira] [Work started] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-commits] 20210325 [hbase] branch branch-2.3 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3085)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] Apache-HBase commented on pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] Apache-HBase commented on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[camel-commits] 20210824 [GitHub] [camel] oscerd commented on pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210316 [GitHub] [hbase] pankaj72981 merged pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210819 [GitHub] [solr] janhoy opened a new pull request #268: SOLR-15324 Upgrade Jaeger dependency from 1.1.0 to 1.6.0

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210420 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11251: [Backport] suppress CVE-2020-13949 again for a time

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210311 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[thrift-user] 20210217 Apache Thrift 0.14.0 Release not on Maven central

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210318 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210819 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] pankaj72981 edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-issues] 20210609 [jira] [Work logged] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1

Source: MLIST
Type: Mailing List, Vendor Advisory
[thrift-user] 20211004 Re: Analysis and guidelines concerning CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210325 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210825 [jira] [Commented] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210325 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210319 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210407 [jira] [Created] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3086: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.2)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210325 [GitHub] [hbase] Apache-HBase commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-commits] 20210324 [hbase] branch branch-2.4 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3084)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)

Source: MLIST
Type: Mailing List, Vendor Advisory
[druid-commits] 20210513 [GitHub] [druid] clintropolis merged pull request #11250: suppress CVE-2020-13949 again for a time

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 merged pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210325 [GitHub] [hbase] pankaj72981 merged pull request #3085: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.3)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-issues] 20210517 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210507 [jira] [Updated] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[thrift-user] 20210224 Re: [SECURITY] CVE-2020-13949 Announcement

Source: MLIST
Type: Mailing List, Vendor Advisory
[druid-commits] 20210513 [GitHub] [druid] clintropolis opened a new pull request #11250: suppress CVE-2020-13949 again for a time

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210326 [jira] [Updated] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[druid-commits] 20210513 [GitHub] [druid] clintropolis commented on pull request #11251: [Backport] suppress CVE-2020-13949 again for a time

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3084: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2.4)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210324 [GitHub] [hbase] pankaj72981 opened a new pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-dev] 20210510 [jira] [Created] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.0 due

Source: MLIST
Type: Mailing List, Vendor Advisory
[hive-issues] 20210530 [jira] [Updated] (HIVE-25098) [CVE-2020-13949] Upgrade thrift from 0.13.0 to 0.14.1

Source: MLIST
Type: Mailing List, Vendor Advisory
[thrift-user] 20210312 Thrift 0.13 micro for CVE-2020-13949?

Source: MLIST
Type: Mailing List, Vendor Advisory
[solr-issues] 20210819 [jira] [Assigned] (SOLR-15324) High security vulnerability in Apache Thrift - CVE-2020-13949 (+1) bundled within Solr

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-commits] 20210326 [hbase] branch branch-2 updated: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (#3083)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210215 [GitHub] [hbase] apurtell edited a comment on pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210215 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210315 [GitHub] [hbase] Apache-HBase commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210326 [GitHub] [hbase] pankaj72981 commented on pull request #3083: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949 (branch-2)

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210320 RE: [jira] [Work started] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210302 [jira] [Commented] (HBASE-25568) Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210315 [GitHub] [hbase] saintstack commented on pull request #3043: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[hbase-issues] 20210302 [GitHub] [hbase] pankaj72981 commented on a change in pull request #2958: HBASE-25568 Upgrade Thrift jar to fix CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[camel-commits] 20210823 [GitHub] [camel] zhfeng merged pull request #5976: Upgrade thrift to 0.14.1 include the fix of CVE-2020-13949

Source: MLIST
Type: Mailing List, Vendor Advisory
[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new issue #11028: Bump Thrift library version

Source: CCN
Type: oss-sec Mailing List, Thu, 11 Feb 2021 23:43:29 +0100
CVE-2020-13949: Apache Thrift: potential DoS when processing untrusted payloads

Source: GENTOO
Type: Third Party Advisory
GLSA-202107-32

Source: CCN
Type: Apache Web site
Apache Thrift

Source: CCN
Type: IBM Security Bulletin 6436677 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Thrift

Source: CCN
Type: IBM Security Bulletin 6469135 (Security Guardium Insights)
IBM Security Guardium Insights is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6475673 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6572497 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift

Source: CCN
Type: IBM Security Bulletin 6831813 (Netcool Operations Insight)
Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6958146 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOPs

Source: CCN
Type: IBM Security Bulletin 6982841 (Netcool Operations Insight)
Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6983567 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Thrift

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:apache:hive:*:*:*:*:*:*:*:* (Version < 4.0.0)
  • OR cpe:/a:apache:thrift:*:*:*:*:*:*:*:* (Version >= 0.9.3 and <= 0.13.0)

Configuration 2:
  • cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apache:thrift:0.13.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p8:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:112871 | P | libthrift-0_14_1-0.14.1-1.6 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:106331 | P | libthrift-0_14_1-0.14.1-1.6 on GA media (Moderate) | 2021-10-01 |

    apache hive *
    apache thrift *
    oracle communications cloud native core network slice selection function 1.2.1
    oracle communications cloud native core policy 1.14.0
    apache thrift 0.13.0
    ibm security guardium 10.5
    ibm qradar security information and event manager 7.3.0
    ibm security guardium 10.6
    ibm watson discovery 2.0.0
    ibm security guardium 11.0
    ibm security guardium 11.1
    ibm qradar security information and event manager 7.4.0
    ibm security guardium 11.2
    ibm watson discovery 2.2.1
    ibm security guardium 11.3
    ibm qradar security information and event manager 7.4.3 -
    ibm qradar security information and event manager 7.3.3 p8
    ibm security guardium 11.4