vulnerability

Ubuntu: (CVE-2019-3559): libthrift-java vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	May 6, 2019	Jun 26, 2025	Jun 26, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

May 6, 2019

Added

Jun 26, 2025

Modified

Jun 26, 2025

Description

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.02.18.00.

Solution

no-fix-ubuntu-package

References

CVE-2019-3559
https://attackerkb.com/topics/CVE-2019-3559
URL-https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943
URL-https://www.cve.org/CVERecord?id=CVE-2019-3559
URL-https://www.facebook.com/security/advisories/cve-2019-3559

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today