PT-2026-35698 · Apache · Apache Thrift
Hasnain Lakhani
·
Published
2026-04-28
·
Updated
2026-04-28
·
CVE-2025-48431
CVSS v3.1
7.5
High
| AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Mismatched Memory Management Routines vulnerability in Apache Thrift c glib language bindings.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Description: Specially crafted requests can crash an c glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Thrift