Lucene search

K
cvelistApacheCVELIST:CVE-2019-12410
HistoryNov 08, 2019 - 6:04 p.m.

CVE-2019-12410

2019-11-0818:04:52
apache
www.cve.org

7.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

CNA Affected

[
  {
    "product": "Apache Arrow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Arrow 0.12.0 to 0.14.1"
      }
    ]
  }
]

7.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

Related for CVELIST:CVE-2019-12410