CVE-2019-12410
published 2019-11-08CVE-2019-12410: While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | arrow | 0.12.0 – 0.14.1 | — |
| apache_software_foundation | apache_arrow | — | — |
| debian | apache-arrow | — | — |