VYPR
High severityOSV Advisory· Published Feb 12, 2021· Updated Aug 4, 2024

CVE-2020-13949

CVE-2020-13949

Description

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.thrift:libthriftMaven
>= 0.9.3, < 0.14.00.14.0

Affected products

139

Patches

Vulnerability mechanics

References

215

News mentions

1