CVE-2019-12410

CVE-2019-12410

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

Source: CVE-2019-12410

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다