Description
Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.
Published: 2026-04-28
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from mismatched memory management routines in the c_glib language bindings of Apache Thrift. An attacker can send specially crafted requests that trigger a free(): invalid pointer exception, causing the server to crash and become unavailable, which constitutes a denial‑of‑service flaw. The flaw does not directly expose data or allow privilege escalation. The likely attack vector is an unauthenticated network request to a Thrift c_glib service, implying that any host that can reach the service can potentially exploit the issue.

Affected Systems

Apache Thrift servers that use the c_glib bindings, specifically all releases before version 0.23.0, are impacted. The vendor is the Apache Software Foundation and the product is Apache Thrift.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity impact. The EPSS score of < 1% suggests exploitation likelihood is low, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, any publicly exposed Thrift service can be targeted with a simple malformed request, meaning that the condition for exploitation is minimal. The combination of a high‑severity crash and low exploitation probability leads to a moderate overall risk assessment.

Generated by OpenCVE AI on April 28, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Apache Thrift version 0.23.0 or newer.
  • If patching is not possible, isolate the Thrift service behind a firewall and allow connections only from trusted hosts.
  • Monitor service logs for "free(): invalid pointer" events and configure alerts for sudden crashes; consider enabling automatic restarts to reduce downtime.

Generated by OpenCVE AI on April 28, 2026 at 23:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache thrift
CPEs cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache thrift

Tue, 28 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 28 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Description Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.
Title Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Weaknesses CWE-762
References

Subscriptions

Apache Thrift
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-04-28T13:55:52.591Z

Reserved: 2025-05-20T20:27:01.040Z

Link: CVE-2025-48431

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-28T10:16:02.153

Modified: 2026-04-28T18:40:41.663

Link: CVE-2025-48431

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T10:10:59Z

Weaknesses