CVE-2021-24028 — Vulnetix

CVE-2021-24028 PUBLISHED CVSS 9.800000190734863 CRITICAL

An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

EPSS 1.67% · 82.5th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.67%

82.5th percentile

Affected Products

Vendor	Product	Versions
facebook	thrift	0
Facebook	Facebook Thrift	v2021.02.22.00, *

Timeline

Apr 13, 2021 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 27, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 2, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 5, 2022 EPSS Score

References

https://github.com/facebook/fbthrift/commit/bfda1efa547dce11a38592820916db01b05b9339 url
https://www.facebook.com/security/advisories/cve-2021-24028 url
https://nvd.nist.gov/vuln/detail/CVE-2021-24028 advisory

Open in Interactive Console →