GO-2021-0101

Panic due to out-of-bounds read in github.com/apache/thrift

Details

Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If this package is used to parse untrusted input, this may be used as a vector for a denial-of-service attack.

Affected packages

Go / github.com/apache/thrift
Introduced in: 0.0.0-20151001171628-53dd39833a08
Fixed in: 0.13.0
Fix: go get github.com/apache/thrift@v0.13.0

References