High severityNVD Advisory· Published May 6, 2019· Updated Aug 4, 2024
CVE-2019-3564
CVE-2019-3564
Description
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.03.04.00.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/facebook/fbthriftGo | < 0.31.1-0.20190225164308-c461c1bd1a3e | 0.31.1-0.20190225164308-c461c1bd1a3e |
Affected products
24- osv-coords23 versionspkg:apk/chainguard/libthriftpkg:apk/chainguard/libthrift-glibpkg:apk/chainguard/libthriftnbpkg:apk/chainguard/libthriftzpkg:apk/chainguard/py3.10-thriftpkg:apk/chainguard/py3.11-thriftpkg:apk/chainguard/py3.12-thriftpkg:apk/chainguard/py3.13-thriftpkg:apk/chainguard/py3-supported-thriftpkg:apk/chainguard/thriftpkg:apk/chainguard/thrift-devpkg:apk/wolfi/libthriftpkg:apk/wolfi/libthrift-glibpkg:apk/wolfi/libthriftnbpkg:apk/wolfi/libthriftzpkg:apk/wolfi/py3.10-thriftpkg:apk/wolfi/py3.11-thriftpkg:apk/wolfi/py3.12-thriftpkg:apk/wolfi/py3.13-thriftpkg:apk/wolfi/py3-supported-thriftpkg:apk/wolfi/thriftpkg:apk/wolfi/thrift-devpkg:golang/github.com/facebook/fbthrift
< 0+ 22 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.31.1-0.20190225164308-c461c1bd1a3e
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-x4rg-4545-4w7wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-3564ghsaADVISORY
- github.com/facebook/fbthrift/commit/c461c1bd1a3e130b181aa9c854da3030cd4b5156ghsax_refsource_MISCWEB
- lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3EghsaWEB
- pkg.go.dev/vuln/GO-2021-0088ghsaWEB
- www.facebook.com/security/advisories/cve-2019-3564ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.