oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.

From: Jens Geyer <jensg () apache org>
Date: Tue, 28 Apr 2026 00:01:21 +0000
Severity: important 

Affected versions:

- Apache Thrift glibc language bindings before 0.23.0

Description:

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid 
pointer" error message.

Credit:

Hasnain Lakhani (finder)
Hasnain Lakhani (remediation developer)

References:

https://thrift.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-48431
Previous By Date Next
Previous By Thread Next

Current thread: