GHSA-wf45-q9ch-q8gh

Suggest an improvement
Source
https://github.com/advisories/GHSA-wf45-q9ch-q8gh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-wf45-q9ch-q8gh/GHSA-wf45-q9ch-q8gh.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-wf45-q9ch-q8gh
Aliases
Downstream
Related
Published
2026-04-28T12:31:30Z
Modified
2026-05-07T14:59:03.016650949Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Apache Thrift TFramedTransport Go language implementation has an Integer Overflow or Wraparound vulnerability
Details

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Database specific 
{
    "nvd_published_at": "2026-04-28T10:16:03Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-190"
    ],
    "github_reviewed_at": "2026-05-06T19:57:08Z"
}
References

Affected packages

Go / github.com/apache/thrift

Package

Name
github.com/apache/thrift
View open source insights on deps.dev
Purl
pkg:golang/github.com/apache/thrift

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-wf45-q9ch-q8gh/GHSA-wf45-q9ch-q8gh.json"