Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before…
A mismatched memory management routines vulnerability exists in the Apache Thrift c_glib language bindings, allowing remote attackers to crash a Thrift server with a specially crafted request. This can lead to a denial-of-service condition. The vulnerability is exploitable over the network.
Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.
Developers using Apache Thrift c_glib language bindings are at high risk of a denial-of-service condition and should upgrade to version 0.23.0 or later to mitigate the vulnerability.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
Affected Products
2
References
apache / thrift
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability
Impact