Description
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269%40%3Cdev.arrow.apache.org%3E
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/11/08/1
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073%40%3Cannounce.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.0471
EPSS Percentile
90.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-909
Status
published
Products (3)
apache/arrow
0.12.0 - 0.14.1
pypi/pyarrow
0.12.0 - 0.15.1PyPI
rubygems/red-arrow
0.12.0 - 0.15.1RubyGems
Published
Nov 08, 2019
Tracked Since
Feb 18, 2026