—

GO-2021-0101

Panic due to out-of-bounds read in github.com/apache/thrift

상세

Due to an improper bounds check, parsing maliciously crafted messages can cause panics. If this package is used to parse untrusted input, this may be used as a vector for a denial of service attack.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Go / github.com/apache/thrift

최초 영향 버전: 0.0.0-20151001171628-53dd39833a08 수정 버전: 0.13.0

수정 go get github.com/apache/thrift@v0.13.0

참고

https://github.com/apache/thrift/commit/264a3f318ed3e9e51573f67f963c8509786bcec2 [FIX]