Vulnerability in Apache Thrift
CVE-2019-0205
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed…
EPSS: 0.007 (72.8th percentile)
Affected products
- Apache Thrift — all versions up to and including 0.12.0
Public proof-of-concept exploits
References
- [thrift-dev] 20191106 [jira] [Updated] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift: (mailing-list, x_refsource_MLIST)
- [thrift-dev] 20191106 [jira] [Comment Edited] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift: (mailing-list, x_refsource_MLIST)
- [thrift-dev] 20191106 [jira] [Created] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift: (mailing-list, x_refsource_MLIST)
- [thrift-dev] 20191106 [jira] [Resolved] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift: (mailing-list, x_refsource_MLIST)
- [thrift-dev] 20191106 [jira] [Assigned] (THRIFT-4997) Nexus Scan Reporting Security issue CVE-2019-0205 for Thrift: (mailing-list, x_refsource_MLIST)
- [thrift-user] 20191107 CVE-2019-0205 (mailing-list, x_refsource_MLIST)
- [thrift-user] 20191108 Re: CVE-2019-0205 (mailing-list, x_refsource_MLIST)
- [cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15415) CVE-2019-0205 (Apache Thrift all versions up to and including 0.12.0 vulnerable) of severity 7.5 (mailing-list, x_refsource_MLIST)
- [cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4 (mailing-list, x_refsource_MLIST)
- [hive-dev] 20200116 [jira] [Created] (HIVE-22738) CVE-2019-0205 (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2019-0205?
- CVE-2019-0205 is a vulnerability in Apache Thrift. Published 2019-10-28.
- Is CVE-2019-0205 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.