PT-2024-31819 · Facebook · Facebook Thrift
Published
2024-09-27
·
Updated
2024-09-30
·
CVE-2024-45863
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Facebook Thrift versions v2024.09.09.00 through v2024.09.23.00
Description
A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects.
Recommendations
For Facebook Thrift versions v2024.09.09.00 through v2024.09.23.00, consider updating to a version newer than v2024.09.23.00 to resolve the issue. As a temporary workaround, consider restricting the parsing of requests with invalid protocols to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Facebook Thrift