GHSA-cjw4-2w9r-r8mv

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cjw4-2w9r-r8mv/GHSA-cjw4-2w9r-r8mv.json
Aliases
Published
2022-05-24T17:00:40Z
Modified
2022-08-16T03:30:17.220018Z
Details

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

References

Affected packages

PyPI / pyarrow

pyarrow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.12.0
Fixed
0.15.1

Affected versions

0.*

0.12.0
0.12.1
0.13.0
0.14.0
0.14.1
0.15.0

RubyGems / red-arrow

red-arrow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.12.0
Fixed
0.15.1

Affected versions

0.*

0.12.0
0.13.0
0.14.0
0.14.1
0.15.0