{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-48431", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-05-20T20:27:01.040Z", "datePublished": "2026-04-28T09:11:44.283Z", "dateUpdated": "2026-07-09T12:09:38.976Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Thrift", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "0.23.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Hasnain Lakhani" }, { "lang": "en", "type": "remediation developer", "value": "Hasnain Lakhani" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings.
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
Description: Specially crafted requests can crash an c_glib-based Thrift server with a clean but fatal \"free(): invalid pointer\" error message.