72 matches found
GHSA-CJW4-2W9R-R8MV Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
Missing Initialization of Resource in Apache Arrow
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
GHSA-8CW2-JV5C-C825 Missing Initialization of Resource in Apache Arrow
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
Missing Initialization of Resource in Apache Arrow
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
OSV-2020-138 Heap-buffer-overflow in org::apache::arrow::flatbuf::Message::Verify
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21681 Crash type: Heap-buffer-overflow READ 4 Crash state: org::apache::arrow::flatbuf::Message::Verify arrow::ipc::CheckMetadataAndGetBodyLength arrow::ipc::MessageDecoder::MessageDecoderImpl::ConsumeMetadata...
arrow:arrow-ipc-file-fuzz: Heap-buffer-overflow in org::apache::arrow::flatbuf::Message::Verify
Project: https://github.com/apache/arrow.git Detailed Report: https://oss-fuzz.com/testcase?key=5693640900083712 Project: arrow Fuzzing Engine: libFuzzer Fuzz Target: arrow-ipc-file-fuzz Job Type: libfuzzerasanarrow Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address:...
arrow:arrow-ipc-file-fuzz: Crash in arrow::ipc::MessageDecoder::MessageDecoderImpl::ConsumeDataBufferInt32
Project: https://github.com/apache/arrow.git Detailed Report: https://oss-fuzz.com/testcase?key=5750282928783360 Project: arrow Fuzzing Engine: libFuzzer Fuzz Target: arrow-ipc-file-fuzz Job Type: libfuzzerubsanarrow Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0xffffffff83ea89ab...
arrow:parquet-arrow-fuzz: Heap-use-after-free in int arrow::BitUtil::BitReader::GetBatch<short>
Project: https://github.com/apache/arrow.git Detailed Report: https://oss-fuzz.com/testcase?key=5700669229236224 Project: arrow Fuzzing Engine: afl Fuzz Target: parquet-arrow-fuzz Job Type: aflasanarrow Platform Id: linux Crash Type: Heap-use-after-free WRITE 2 Crash Address: 0x62500027623a Crash...
arrow:parquet-arrow-fuzz: Heap-buffer-overflow in int arrow::util::RleDecoder::GetBatchWithDictSpaced<double>
Project: https://github.com/apache/arrow.git Detailed Report: https://oss-fuzz.com/testcase?key=5201887160958976 Project: arrow Fuzzing Engine: afl Fuzz Target: parquet-arrow-fuzz Job Type: aflasanarrow Platform Id: linux Crash Type: Heap-buffer-overflow READ 8 Crash Address: 0x61f0001a4200 Crash...
Security Bulletin: Multiple vulnerabilities CVE-2019-12410, CVE-2019-12408 in arrow package
Summary Multiple vulnerabilities CVE-2019-12410, CVE-2019-12408 in arrow package Vulnerability Details CVEID: CVE-2019-12410 DESCRIPTION: While investigating UBSAN errors in it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data...
Information Disclosure
apache arrow is vulnerable to information disclosure. In certain cases, arrays with null values could be built using uninitialized memory for their data segment, resulting in unintentional memory being shared over the wire...
Information Disclosure
apache arrow is vulnerable to information disclosure. The data read from Apache Parquet files with RLE null encoded data is uninitialized, potentially allowing data in memory to be unintentionally shared over the wire...
Apache Arrow Code Issue Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Apache Software Foundation. The platform supports programming languages such as C, C++, C, Go and Java, and provides features such as inter-process communication. A code issue vulnerability exists ...
Apache Arrow Code Issue Vulnerability (CNVD-2019-41410)
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Apache Software Foundation. The platform supports programming languages such as C, C++, C, Go and Java, and provides features such as inter-process communication. A code issue vulnerability exists ...
CVE-2019-12410
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
CVE-2019-12410
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
CVE-2019-12408
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
CVE-2019-12408
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...