Use-After-Free Vulnerability in Facebook Thrift
CVE-2024-45773

7.5HIGH

Key Information:

Vendor: Facebook
Status: Facebook Thrift
Vendor: CVE Published:; 27 September 2024

What is CVE-2024-45773?

A use-after-free vulnerability has been identified in Facebook Thrift related to upgradeToRocket requests. This vulnerability may lead to application crashes and can also potentially allow for code execution among other negative impacts on system performance and security. Users of Facebook Thrift should ensure they are using versions newer than v2024.09.09.00 to mitigate associated risks.

Affected Version(s)

Facebook Thrift v0.0.0.0

References

https://www.facebook.com/security/advisories/cve-2024-45773

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2024

CVE-2024-45773 Data

JSON