CVE-2026-43868

MEDIUM5.3EPSS 0.25%

Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability

Published: 5/5/2026Modified: 5/8/2026

Also known as:GHSA-2f9f-gq7v-9h6mBIT-thrift-2026-43868DEBIAN-CVE-2026-43868

Description

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version [0.23.0](https://github.com/apache/thrift/releases/tag/v0.23.0), which fixes the issue.

Affected packages (3)

Bitnami/thriftfrom 0, < 0.23.0
crates.io/thriftfrom 0, <= 0.22.0
Debian/thriftfrom 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-43868
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-43868
PATCHhttps://github.com/apache/thrift
WEBhttps://github.com/apache/thrift/commit/d5152211af61f850ec393604316804096dd4632e
WEBhttps://lists.apache.org/thread/zj76dtwnbbs1m7z3focf4wd51pqpsmn9