> Apache Thrift 缓冲区错误漏洞

Apache Thrift 缓冲区错误漏洞

CNNVD-ID编号	CNNVD-201910-1680	CVE编号	CVE-2019-0210
发布时间	2019-10-29	更新时间	2021-01-27
漏洞类型	缓冲区错误	漏洞来源	N/A
危险等级	高危	威胁类型	远程
厂商	N/A

漏洞介绍

Apache Thrift是美国阿帕奇（Apache）基金会的一个用于跨平台开发的框架。

Apache Thrift 0.9.3版本至0.12.0版本中存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

漏洞补丁

目前厂商已发布升级了Apache Thrift 缓冲区错误漏洞的补丁，Apache Thrift 缓冲区错误漏洞的补丁获取链接：

http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/<277A46CA87494176B1BBCF5D72624A2A%40HAGGIS>

参考网址

来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0806

来源:MLIST

链接：https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff@%3Ccommits.pulsar.apache.org%3E

来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0805

来源:MLIST

链接：https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E

来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0804

来源:MLIST

链接：https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142@%3Ccommits.pulsar.apache.org%3E

来源:mail-archives.apache.org

链接：http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E

来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2020:0811

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1882/

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157741/Red-Hat-Security-Advisory-2020-2067-01.html

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2050/

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156701/Red-Hat-Security-Advisory-2020-0804-01.html

来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/Red-Hat-JBoss-Enterprise-Application-Platform-three-vulnerabilities-31779

来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0915/

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/160562/Red-Hat-Security-Advisory-2020-5568-01.html

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158048/Red-Hat-Security-Advisory-2020-2512-01.html

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/156885/Red-Hat-Security-Advisory-2020-0962-01.html

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2042/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.4464/

来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157859/Red-Hat-Security-Advisory-2020-2333-01.html

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1858/

来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-0210

来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1120701

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1052/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1024/

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1766/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201910-1680