VYPR
High severityNVD Advisory· Published Nov 8, 2019· Updated Aug 4, 2024

CVE-2019-12410

CVE-2019-12410

Description

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pyarrowPyPI
>= 0.12.0, < 0.15.10.15.1
red-arrowRubyGems
>= 0.12.0, < 0.15.10.15.1

Affected products

3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.