CRITICAL🇬🇧 English

CVE-2021-24028

CVSS 9.8v3.1pub. 2021-04-14upd. 2024-11-21

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Facebook Thrift

    APP
    Facebook
    < 2021.02.22.00
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2019-11939HIGH7.5ten sam produkt

Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger th...

CVE-2019-3553HIGH7.5ten sam produkt

C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than ...

CVE-2019-11938HIGH7.5ten sam produkt

Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than...

CVE-2019-3559HIGH7.5ten sam produkt

Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type...

CVE-2019-3564HIGH7.5ten sam produkt

Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. ...