
GHSA-wv8j-m3hx-924j arrow2

Package

Manager: cargo
Name: arrow2
Vulnerable Version: >=0 <=0.18.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: N/A (percentile: N/A)

Details

In arrow2, the public safe API `Rows::row_unchecked()` allows out-of-bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead.

Metadata

Created: 2025-05-30T20:09:56Z
Modified: 2025-05-30T20:09:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-wv8j-m3hx-924j/GHSA-wv8j-m3hx-924j.json
CWE IDs: ["CWE-119"]
Alternative ID: N/A
Finding: F316
Auto approve: 1