Thrift
Sign in to watchby Apache
Source repositories
CVEs (12)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41604 | Hig | 0.53 | 8.2 | 0.00 | Apr 28, 2026 | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2026-41636 | Hig | 0.49 | 7.5 | 0.00 | Apr 28, 2026 | Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2026-41602 | Hig | 0.49 | 7.5 | 0.00 | Apr 28, 2026 | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2025-48431 | Hig | 0.49 | 7.5 | 0.00 | Apr 28, 2026 | Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message. | |
| CVE-2026-41603 | Hig | 0.48 | 7.4 | 0.00 | Apr 28, 2026 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2026-41605 | Hig | 0.47 | 7.3 | 0.00 | Apr 28, 2026 | Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2026-41607 | Med | 0.42 | 6.5 | 0.00 | Apr 28, 2026 | Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2015-3254 | Med | 0.42 | 6.5 | 0.02 | Jun 16, 2017 | The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. | |
| CVE-2026-43870 | Hig | 0.40 | 7.3 | 0.00 | May 5, 2026 | Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2026-43869 | Hig | 0.40 | 7.3 | 0.00 | May 5, 2026 | Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2026-41606 | Med | 0.34 | 5.3 | 0.00 | Apr 28, 2026 | Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | |
| CVE-2026-43868 | Med | 0.27 | 5.3 | 0.00 | May 5, 2026 | Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. |