CVE-2024-52338
- EPSS 2.43%
- Published 28.11.2024 17:15:48
- Last modified 15.07.2025 16:33:36
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sour...
CVE-2024-41178
- EPSS 0.21%
- Published 23.07.2024 17:15:12
- Last modified 10.07.2025 18:24:07
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to ...
CVE-2019-12408
- EPSS 4.46%
- Published 08.11.2019 19:15:10
- Last modified 21.11.2024 04:22:46
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized...
CVE-2019-12410
- EPSS 5.28%
- Published 08.11.2019 19:15:10
- Last modified 21.11.2024 04:22:47
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby ...