OSV-2022-852

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/arrow-java/OSV-2022-852.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-852

Published

2022-09-07T00:00:21.638154Z

Modified

2023-10-19T14:17:42.036432Z

Summary

Security exception in java.base/java.nio.Bits.reserveMemory

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51044

Crash type: Security exception
Crash state:
java.base/java.nio.Bits.reserveMemory
java.base/java.nio.DirectByteBuffer.<init>
java.base/java.nio.ByteBuffer.allocateDirect

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51044

Affected packages

OSS-Fuzz / arrow-java

Package

Name: arrow-java
Purl: pkg:generic/arrow-java

Affected ranges

Type: GIT
Repo: https://github.com/apache/arrow.git
Events: Introduced

7a0ba80702ef63e63e346d2a9ca3137d8baca8bb

Fixed

58546e2002df0d49832061925d099736a510505e

Affected versions

apache-arrow-10.*

apache-arrow-10.0.0

apache-arrow-10.0.1

apache-arrow-11.*

apache-arrow-11.0.0

apache-arrow-11.0.0.dev

apache-arrow-12.*

apache-arrow-12.0.0

apache-arrow-12.0.0.dev

apache-arrow-12.0.1

apache-arrow-13.*

apache-arrow-13.0.0

apache-arrow-13.0.0.dev

apache-arrow-14.*

apache-arrow-14.0.0

apache-arrow-14.0.0.dev

go/v10.*

go/v10.0.0

go/v10.0.1

go/v11.*

go/v11.0.0

go/v12.*

go/v12.0.0

go/v12.0.1

go/v13.*

go/v13.0.0

Ecosystem specific

{
    "severity": "LOW"
}

Database specific

{
    "fixed_range": "0b86e40622f7153d64b36b4e65e0c0ace15d6ffa:58546e2002df0d49832061925d099736a510505e"
}