CVE-2021-24028

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339	Patch Third Party Advisory
https://www.facebook.com/security/advisories/cve-2021-24028	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:*

Information

Published : 2021-04-13 17:15

Updated : 2021-04-21 08:38

NVD link : CVE-2021-24028

Mitre link : CVE-2021-24028

JSON object : View

CWE

CWE-763

Release of Invalid Pointer or Reference

Advertisement

Products Affected

facebook

thrift

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339", "name": "https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.facebook.com/security/advisories/cve-2021-24028", "name": "https://www.facebook.com/security/advisories/cve-2021-24028", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-763"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-24028", "ASSIGNER": "cve-assign@fb.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2021-04-14T00:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:facebook:thrift:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2021.02.22.00"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-21T15:38Z"}