CVE-2025-48431
Mismatched Memory Management in Apache Thrift c_glib Causes Crash
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: Apache Software Foundation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | thrift | all versions before 0.23.0 (0.23.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-762 | The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48431 is a vulnerability in the Apache Thrift c_glib language bindings affecting versions prior to 0.23.0.
The issue is a Mismatched Memory Management Routines vulnerability, where specially crafted input can cause a c_glib-based Thrift server to crash with a fatal "free(): invalid pointer" error.
The root cause matches CWE-762: memory is released through a deallocation routine that is not compatible with the routine that originally allocated it, which produces the invalid-pointer error during server operation.
How can this vulnerability impact me?
This vulnerability can cause a c_glib-based Thrift server to crash when it processes specially crafted requests.
The crash results in a clean but fatal "free(): invalid pointer" error, which can lead to denial of service by making the server unavailable.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes a c_glib-based Thrift server to crash with a fatal "free(): invalid pointer" error message when it receives specially crafted requests.
Detection can involve monitoring the server's logs or standard error output for this specific message, which indicates a crash caused by an invalid pointer deallocation.
The available information provides no specific commands for detecting this vulnerability directly; checking the installed Apache Thrift version against the affected range (before 0.23.0) is the practical way to determine exposure.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation step is to upgrade Apache Thrift to version 0.23.0 or later, as this version contains the fix for the mismatched memory management routines vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.