Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Thrift  >> 0.13.0  Security Vulnerabilities
CVE-2026-41602
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-04-28
CVE-2026-41603
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVSS Score
7.4
EPSS Score
0.001
Published
2026-04-28
CVE-2026-41604
Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVSS Score
8.2
EPSS Score
0.002
Published
2026-04-28
CVE-2026-41605
Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-04-28
CVE-2026-41606
Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVSS Score
5.3
EPSS Score
0.002
Published
2026-04-28
CVE-2026-41607
Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-04-28
CVE-2025-48431
Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-04-28
CVE-2020-13949
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
CVSS Score
7.5
EPSS Score
0.008
Published
2021-02-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved