Hasnain Lakhani

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** Mismatched Memory Management Routines in c glib language bindings allow specially crafted requests to crash a c glib-based Thrift server, resulting in a fatal "free(): invalid pointer" error. **Recommendations** Upgrade to version 0.23.0.

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** An out-of-bounds read issue exists in Apache Thrift, which occurs when the software reads data outside the intended boundary of a buffer. **Recommendations** Upgrade to version 0.23.0.

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** An integer overflow or wraparound issue exists in Apache Thrift. This occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits, potentially causing the value to wrap around to a minimum or maximum value. **Recommendations** Upgrade to version 0.23.0.

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** Uncontrolled recursion occurs in Apache Thrift, which can lead to system instability or crashes when the software processes deeply nested data structures. **Recommendations** Upgrade to version 0.23.0.

**Name of the Vulnerable Software and Affected Versions** Apache Thrift versions prior to 0.23.0 **Description** An out-of-bounds read issue exists in Apache Thrift, which occurs when the software reads data past the end of the intended buffer. **Recommendations** Upgrade to version 0.23.0.