1462783 – (CVE-2015-3254) CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function

Bug 1462783 (CVE-2015-3254) - CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function

Summary: CVE-2015-3254 thrift: Infinite recursion via vectors involving the skip function

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-3254
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1462784 1462785 1463719 1463720 1471339 1471340 1471341 1471342
Blocks:	1462786 1475996
TreeView+	depends on / blocked

Reported:	2017-06-19 14:13 UTC by Andrej Nemec
Modified:	2020-12-15 15:26 UTC (History)
CC List:	32 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-06-08 03:15:08 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:2477	0	normal	SHIPPED_LIVE	Important: Red Hat JBoss Data Virtualization 6.3 Update 7 security update	2017-08-15 19:07:56 UTC
Red Hat Product Errata	RHSA-2017:3115	0	normal	SHIPPED_LIVE	Moderate: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update	2017-11-03 00:08:36 UTC

Description Andrej Nemec 2017-06-19 14:13:32 UTC

The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. 

References:

http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774

Upstream issue:

https://issues.apache.org/jira/browse/THRIFT-3231

Upstream patch:

https://github.com/apache/thrift/commit/cfaadcc4adcfde2a8232c62ec89870b73ef40df1

Comment 1 Andrej Nemec 2017-06-19 14:14:33 UTC

Created thrift tracking bugs for this issue:

Affects: epel-7 [bug 1462785]
Affects: fedora-all [bug 1462784]

Comment 5 errata-xmlrpc 2017-08-15 15:10:05 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Data Virtualization

Via RHSA-2017:2477 https://access.redhat.com/errata/RHSA-2017:2477

Comment 6 errata-xmlrpc 2017-11-02 20:09:36 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Fuse

Via RHSA-2017:3115 https://access.redhat.com/errata/RHSA-2017:3115

Comment 7 Jason Shepherd 2018-04-03 04:32:04 UTC

libthrift is not included in Openshift Enterprise. Setting as not affected.

Comment 11 Joshua Padman 2019-05-15 22:44:38 UTC

This vulnerability is out of security support scope for the following product:
 * Red Hat JBoss Operations Network 3

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
ahardin
aileenc
bleanhar
ccoleman
chazlett
ctubbsii
dbaker
dedgar
dmcphers
gvarsami
jcoleman
jgoulding
jkeck
jokerman
jolee
jshepherd
kconner
ldimaggi
loleary
mchappel
milleruntime
nwallace
rwagner
sardella
spinder
tcunning
theute
tiwillia
tkirby
vhalbert
willb