{"id":"UBUNTU-CVE-2026-41602","details":"Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.","modified":"2026-05-20T16:12:58.934568461Z","published":"2026-04-28T10:16:00Z","upstream":["CVE-2026-41602"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-41602"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2026-41602"}],"affected":[{"package":{"name":"thrift","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/thrift?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.11.0-6","0.13.0-2build1","0.13.0-2build2"],"ecosystem_specific":{"binaries":[{"binary_name":"golang-thrift-dev","binary_version":"0.13.0-2build2"},{"binary_name":"libthrift-0.13.0","binary_version":"0.13.0-2build2"},{"binary_name":"libthrift-c-glib0","binary_version":"0.13.0-2build2"},{"binary_name":"libthrift-perl","binary_version":"0.13.0-2build2"},{"binary_name":"php-thrift","binary_version":"0.13.0-2build2"},{"binary_name":"python3-thrift","binary_version":"0.13.0-2build2"},{"binary_name":"thrift-compiler","binary_version":"0.13.0-2build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41602.json"}},{"package":{"name":"thrift","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/thrift?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.13.0-6ubuntu1","0.13.0-6ubuntu2","0.13.0-6ubuntu3","0.13.0-7","0.16.0-2"],"ecosystem_specific":{"binaries":[{"binary_name":"golang-thrift-dev","binary_version":"0.16.0-2"},{"binary_name":"libthrift-0.16.0","binary_version":"0.16.0-2"},{"binary_name":"libthrift-c-glib0","binary_version":"0.16.0-2"},{"binary_name":"libthrift-perl","binary_version":"0.16.0-2"},{"binary_name":"php-thrift","binary_version":"0.16.0-2"},{"binary_name":"python3-thrift","binary_version":"0.16.0-2"},{"binary_name":"thrift-compiler","binary_version":"0.16.0-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41602.json"}},{"package":{"name":"thrift","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/thrift?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.17.0-4","0.19.0-2","0.19.0-2build1","0.19.0-2.1build4","0.19.0-2.1build5"],"ecosystem_specific":{"binaries":[{"binary_name":"golang-thrift-dev","binary_version":"0.19.0-2.1build5"},{"binary_name":"libthrift-0.19.0t64","binary_version":"0.19.0-2.1build5"},{"binary_name":"libthrift-c-glib0t64","binary_version":"0.19.0-2.1build5"},{"binary_name":"libthrift-perl","binary_version":"0.19.0-2.1build5"},{"binary_name":"php-thrift","binary_version":"0.19.0-2.1build5"},{"binary_name":"python3-thrift","binary_version":"0.19.0-2.1build5"},{"binary_name":"thrift-compiler","binary_version":"0.19.0-2.1build5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41602.json"}},{"package":{"name":"thrift","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/thrift?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.19.0-4build1"],"ecosystem_specific":{"binaries":[{"binary_name":"golang-thrift-dev","binary_version":"0.19.0-4build1"},{"binary_name":"libthrift-0.19.0t64","binary_version":"0.19.0-4build1"},{"binary_name":"libthrift-c-glib0t64","binary_version":"0.19.0-4build1"},{"binary_name":"libthrift-perl","binary_version":"0.19.0-4build1"},{"binary_name":"php-thrift","binary_version":"0.19.0-4build1"},{"binary_name":"python3-thrift","binary_version":"0.19.0-4build1"},{"binary_name":"thrift-compiler","binary_version":"0.19.0-4build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41602.json"}},{"package":{"name":"thrift","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/thrift?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.19.0-4build1","0.22.0-3","0.22.0-3ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"golang-thrift-dev","binary_version":"0.22.0-3ubuntu1"},{"binary_name":"libthrift-0.22.0","binary_version":"0.22.0-3ubuntu1"},{"binary_name":"libthrift-c-glib0t64","binary_version":"0.22.0-3ubuntu1"},{"binary_name":"libthrift-perl","binary_version":"0.22.0-3ubuntu1"},{"binary_name":"php-thrift","binary_version":"0.22.0-3ubuntu1"},{"binary_name":"python3-thrift","binary_version":"0.22.0-3ubuntu1"},{"binary_name":"thrift-compiler","binary_version":"0.22.0-3ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-41602.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}