CRITICAL🇵🇱 Wersja polska

CVE-2021-24028

CVSS 9.8v3.1pub. 2021-04-14upd. 2024-11-21

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Facebook Thrift

    APP
    Facebook
    < 2021.02.22.00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2019-11939HIGH7.5ten sam produkt

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger th...

CVE-2019-3553HIGH7.5ten sam produkt

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than ...

CVE-2019-11938HIGH7.5ten sam produkt

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than...

CVE-2019-3559HIGH7.5ten sam produkt

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type...

CVE-2019-3564HIGH7.5ten sam produkt

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. ...