oss-sec mailing list archives
CVE-2026-41602: Apache Thrift: Go TFramedTransport uint32 overflow
From: Jens Geyer <jensg () apache org>
Date: Tue, 28 Apr 2026 00:01:06 +0000
Severity: important

Affected versions:

- Apache Thrift before 0.23.0

Description:

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Credit:

김범수 (finder)

References:

https://thrift.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-41602
