CVE-2019-12410 is a vulnerability in Apache Arrow
Published on November 8, 2019
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365, it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory for Array data uninitialized when reading RLE null data from Parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if the arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
Products Associated with CVE-2019-12410
Affected Versions
Apache Software Foundation Apache Arrow: versions 0.12.0 to 0.14.1 are affected by CVE-2019-12410
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.