CVE-2019-0210 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
apache	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Vendor	Product	Version
apache	thrift	0.9.3 ≤ 𝑥 ≤ 0.12.0
redhat	jboss_enterprise_application_platform	7.2.0
oracle	communications_cloud_native_core_network_slice_selection_function	1.2.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

thrift

bullseye	0.13.0-6 fixed
buster	no-dsa
bookworm	0.17.0-2 fixed
sid	0.19.0-2.1 fixed
trixie	0.19.0-2.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

thrift

focal	not-affected
eoan	ignored
disco	dne
bionic	dne
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E

https://access.redhat.com/errata/RHSA-2020:0804

https://access.redhat.com/errata/RHSA-2020:0805

https://access.redhat.com/errata/RHSA-2020:0806

https://access.redhat.com/errata/RHSA-2020:0811

https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E

https://security.gentoo.org/glsa/202107-32

https://www.oracle.com//security-alerts/cpujul2021.html

http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E

https://access.redhat.com/errata/RHSA-2020:0804

https://access.redhat.com/errata/RHSA-2020:0805

https://access.redhat.com/errata/RHSA-2020:0806

https://access.redhat.com/errata/RHSA-2020:0811

https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff%40%3Ccommits.pulsar.apache.org%3E

https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E

https://security.gentoo.org/glsa/202107-32

https://www.oracle.com//security-alerts/cpujul2021.html