Facebook: >> Mcrouter >> 0.9.0 Security Vulnerabilities
In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-12-04
In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-12-04