Release of Invalid Pointer or Reference

CVE-2021-24028

High

9.8/10

Summary

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-763 - Release of Invalid Pointer or Reference

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

References

Advisory Timeline

Published Apr 14, 2021

Release of Invalid Pointer or Reference

CVE-2021-24028

Summary

CWE-763 - Release of Invalid Pointer or Reference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS