2463407 – (CVE-2026-41602) CVE-2026-41602 github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation

Bug 2463407 (CVE-2026-41602) - CVE-2026-41602 github.com/apache/thrift: Apache Thrift: Integer Overflow in TFramedTransport Go implementation

Summary: CVE-2026-41602 github.com/apache/thrift: Apache Thrift: Integer Overflow in T...

Keywords:
Status:	NEW
Alias:	CVE-2026-41602
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2463996
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-28 10:01 UTC by OSIDB Bzimport
Modified:	2026-04-30 05:34 UTC (History)
CC List:	33 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-28 10:01:39 UTC

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Note You need to log in before you can comment on or make changes to this bug.

alcohan
alinfoot
amctagga
anjoseph
aoconnor
bniver
dtrifiro
eglynn
flucifre
gmeno
gparvin
groman
jbalunas
jjoyce
jkoehler
jprabhak
jpretori
jschluet
kaycoth
lhh
lphiri
mbenjamin
mburns
mgarciac
mhackett
mwringe
pahickey
rbryant
rhaigner
sostapov
vereddy
weaton
wtam