CVE-2026-43868
Memory Allocation with Excessive Size Value in Apache Thrift
Publication date: 2026-05-05
Last updated on: 2026-05-06
Assigner: Apache Software Foundation
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | thrift | before 0.23.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is a Memory Allocation with Excessive Size Value issue in Apache Thrift. This means that the software may allocate memory based on an excessively large size value, which can lead to unexpected behavior or resource exhaustion.
This issue affects versions of Apache Thrift before 0.23.0.
Users are advised to upgrade to version 0.23.0 where this issue has been fixed.
How can this vulnerability impact me?
This vulnerability can cause the application to allocate excessive amounts of memory, potentially leading to resource exhaustion, application crashes, or denial of service conditions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the Memory Allocation with Excessive Size Value vulnerability in Apache Thrift, users are recommended to upgrade to Apache Thrift version 0.23.0, which contains the fix for this issue.