Lucene search
K
ApacheArrow

5 matches found

CVE
CVE
added 2024/07/23 4:50 p.m.350 views

CVE-2024-41178

Apache Arrow Rust Object Store (object_store crate)

7.5CVSS6.8AI score0.0071EPSS
Web
CVE
CVE
added 2024/11/28 4:31 p.m.195 views

CVE-2024-52338

CVE-2024-52338 affects the Apache Arrow R package (versions 4.0.0–16.1.0). Deserialization of untrusted IPC/Parquet data allows arbitrary code execution. Affected users reading Arrow IPC, Feather, or Parquet data from untrusted sources are vulnerable. Upgrade to 17.0.0 or later to fix the issue. ...

9.8CVSS7.1AI score0.02322EPSS
CVE
CVE
added 2019/11/08 6:4 p.m.117 views

CVE-2019-12410

CVE-2019-12410 affects Apache Arrow 0.12.0–0.14.1, where memory for Arrow Arrays could be left uninitialized when reading RLE null data from Parquet. This impacts C++, Python, Ruby, and R implementations and could lead to leaking uninitialized memory if data is transmitted (e.g., Flight) or persi...

7.5CVSS7.3AI score0.04711EPSS
CVE
CVE
added 2019/11/08 6:20 p.m.103 views

CVE-2019-12408

CVE-2019-12408 affects the C++ implementation of Apache Arrow (used by R, Python, and Ruby bindings) in versions 0.14.0–0.14.1. A memory bug occurs when building arrays with null values, causing uninitialized memory to potentially be shared when Arrow Arrays are transmitted (e.g., via Flight) or ...

7.5CVSS7.3AI score0.03225EPSS
CVE
CVE
added 2026/02/17 1:18 p.m.37 views

CVE-2026-25087

CVE-2026-25087 (Apache Arrow C++) details : A use-after-free vulnerability affects Arrow C++ 15.0.0–23.0.0. It can be triggered when reading an Arrow IPC file (not an IPC stream) with pre-buffering enabled, if the IPC file contains variadic buffers (e.g., Binary View and String View data). Depend...

7CVSS5.7AI score0.00807EPSS