CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.

Mon, 27 Apr 2026 17:07:59 -0700 

Severity: important 

Affected versions:

- Apache Thrift glibc language bindings before 0.23.0

Description:

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib 
language bindings.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Description: Specially crafted requests can crash an c_glib-based Thrift server 
with a clean but fatal "free(): invalid pointer" error message.

Credit:

Hasnain Lakhani (finder)
Hasnain Lakhani (remediation developer)

References:

https://thrift.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-48431

Reply via email to