CVE-2021-24028

Name: CVE-2021-24028

Description: An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

NVD Severity: high

References

| Type | URI |
| --- | --- |
| Patch | https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339 |
| Vendor Advisory | https://www.facebook.com/security/advisories/cve-2021-24028 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:* | thrift | >= None | < 2021.02.22.00 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| thrift | 3.15-community | 0.15.0-r1 | Patrick Gansterer <paroga@paroga.com> | possibly vulnerable |
| thrift | 3.16-community | 0.16.0-r1 | Patrick Gansterer <paroga@paroga.com> | possibly vulnerable |
| thrift | 3.17-community | 0.17.0-r0 | Patrick Gansterer <paroga@paroga.com> | possibly vulnerable |
| thrift | 3.18-community | 0.18.1-r2 | Patrick Gansterer <paroga@paroga.com> | possibly vulnerable |
| thrift | 3.19-community | 0.19.0-r0 | Patrick Gansterer <paroga@paroga.com> | possibly vulnerable |
| thrift | edge-community | 0.20.0-r1 | Patrick Gansterer <paroga@paroga.com> | possibly vulnerable |
| thrift | 3.20-community | 0.20.0-r1 | Patrick Gansterer <paroga@paroga.com> | possibly vulnerable |