CVE-2021-24028

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
facebookCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
facebookthrift
𝑥
< 2021.02.22.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339
https://www.facebook.com/security/advisories/cve-2021-24028
https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339
https://www.facebook.com/security/advisories/cve-2021-24028