CVE-2026-43868
MEDIUM5.3EPSS 0.25%Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern
發布日:2026/5/5修改日:2026/5/17
描述
Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
受影響套件(3)
- Bitnami/thriftfrom 0, < 0.23.0
- crates.io/thriftfrom 0, <= 0.22.0
- Debian/thriftfrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-43868
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-43868
- PATCHhttps://github.com/apache/thrift
- WEBhttps://github.com/apache/thrift/commit/d5152211af61f850ec393604316804096dd4632e
- WEBhttps://lists.apache.org/thread/zj76dtwnbbs1m7z3focf4wd51pqpsmn9