CVE-2021-24028

9.8 CRITICAL

📋 TL;DR

This vulnerability in Facebook Thrift's table-based serialization allows an invalid free operation that can crash applications or potentially lead to remote code execution. It affects all systems running Facebook Thrift versions prior to v2021.02.22.00. Attackers could exploit this to take control of affected systems.

💻 Affected Systems

Products:
  • Facebook Thrift (fbthrift)
Versions: All versions prior to v2021.02.22.00
Operating Systems: All operating systems running affected Thrift versions
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using Thrift's table-based serialization is vulnerable. The vulnerability is in the core library, not dependent on specific configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or lateral movement within the network.

🟠 Likely Case: Application crashes causing denial of service, with potential for memory corruption leading to code execution in some scenarios.

🟢 If Mitigated: Application crashes with no code execution due to memory protections like ASLR and DEP.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted serialized data to a vulnerable Thrift endpoint. No public exploit code has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2021.02.22.00 and later

Vendor Advisory: https://www.facebook.com/security/advisories/cve-2021-24028

Restart Required: Yes

Instructions:

1. Update Facebook Thrift to version v2021.02.22.00 or later.
2. Rebuild and redeploy any applications using Thrift.
3. Restart affected services.

🔧 Temporary Workarounds

Disable table-based serialization (applies to: all)

If possible, configure applications to use binary or compact serialization instead of table-based serialization.

Network segmentation (applies to: all)

Restrict network access to Thrift services to only trusted sources.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all Thrift serialization inputs.
  • Deploy memory protection mechanisms like ASLR, DEP, and control flow integrity where available.

🔍 How to Verify

Check if Vulnerable:

Check Thrift version in your application dependencies or system packages. Versions before v2021.02.22.00 are vulnerable.

Check Version:

For Python: pip show thrift | grep Version
For system packages: rpm -q thrift or dpkg -l | grep thrift

Verify Fix Applied:

Confirm Thrift version is v2021.02.22.00 or later and verify applications are using the updated library.
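fbthrift releases are tagged with date-based versions of the form vYYYY.MM.DD.NN, so "before v2021.02.22.00" is a field-by-field comparison rather than a semantic-version one. The following is an added example (not fbthrift project code) that classifies versions against the fixed release and runs over a constructed host inventory; the inventory line format `host=<name> fbthrift=<version>` is an assumption for illustration.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Fixed release named in the advisory; anything older is affected.
FIXED_VERSION = "v2021.02.22.00"

# fbthrift tags look like v2021.02.22.00 (year.month.day.build); leading "v" optional.
_VER_RE = re.compile(r"^v?(\d{4})\.(\d{2})\.(\d{2})\.(\d{2})$")


def parse_fbthrift_version(version: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (year, month, day, build) or None if this is not an fbthrift-style tag.

    A None result is important: 'pip show thrift' and distro 'thrift' packages
    report Apache Thrift versions such as 0.13.0, which say nothing about fbthrift.
    """
    m = _VER_RE.match(version.strip())
    if not m:
        return None
    y, mo, d, b = (int(x) for x in m.groups())
    return (y, mo, d, b)


def is_vulnerable(version: str) -> bool:
    """True if the given fbthrift version predates the fix in FIXED_VERSION."""
    parsed = parse_fbthrift_version(version)
    if parsed is None:
        raise ValueError(f"not an fbthrift date-based version: {version!r}")
    fixed = parse_fbthrift_version(FIXED_VERSION)
    assert fixed is not None
    return parsed < fixed  # tuple comparison is field-by-field, oldest first


def audit_inventory(lines: Iterable[str]) -> Dict[str, str]:
    """Map host -> 'vulnerable' | 'fixed' | 'unknown' from constructed inventory lines."""
    result: Dict[str, str] = {}
    line_re = re.compile(r"host=(\S+)\s+fbthrift=(\S+)")
    for line in lines:
        m = line_re.search(line)
        if not m:
            continue  # constructed format assumed; skip lines that do not match it
        host, ver = m.group(1), m.group(2)
        if parse_fbthrift_version(ver) is None:
            result[host] = "unknown"  # e.g. an Apache Thrift version was recorded
        else:
            result[host] = "vulnerable" if is_vulnerable(ver) else "fixed"
    return result


# Constructed sample inventory (not real hosts or observed data).
SAMPLE_INVENTORY = [
    "host=api-01 fbthrift=v2020.12.07.00",
    "host=api-02 fbthrift=v2021.02.22.00",
    "host=api-03 fbthrift=2021.03.01.00",
    "host=api-04 fbthrift=0.13.0",
]
```

Hosts reported as "unknown" need a direct check of the fbthrift library actually linked into the service, since the Apache Thrift package version is not evidence either way.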

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory corruption errors
  • Segmentation faults in Thrift processes
  • Unexpected process terminations

Network Indicators:

  • Unusual Thrift protocol traffic patterns
  • Large or malformed serialization payloads

SIEM Query:

source="thrift.log" AND (event="segfault" OR event="crash" OR event="memory_error")
