[jira] [Commented] (THRIFT-5007) Implement MAX_MESSAGE_SIZE and remaining read bytes control

Jens Geyer (Jira) Wed, 24 Feb 2021 11:56:05 -0800


    [ 
https://issues.apache.org/jira/browse/THRIFT-5007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17290224#comment-17290224
 ]


Jens Geyer commented on THRIFT-5007:
------------------------------------

CVE-2020-13949: potential DoS when processing untrusted Thrift payloads

> Implement MAX_MESSAGE_SIZE and remaining read bytes control
> -----------------------------------------------------------
>
>                 Key: THRIFT-5007
>                 URL: https://issues.apache.org/jira/browse/THRIFT-5007
>             Project: Thrift
>          Issue Type: Improvement
>          Components: Delphi - Library
>            Reporter: Jens Geyer
>            Assignee: Jens Geyer
>            Priority: Major
>             Fix For: 0.14.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> There should be a way to control the maximum allowed message size similar to 
> the maximum frame size control at TFramedTransport, but on a more general 
> level suitable for all kinds of transport/protocol.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (THRIFT-5007) Implement MAX_MESSAGE_SIZE and remaining read bytes control

Reply via email to