RUSTSEC-2025-0038 – arrow2

Package

Manager: cargo
Name: arrow2
Vulnerable Version: >=0.0.0-0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:F/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Out of bounds access in public safe API `Rows::row_unchecked()` allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead.

Metadata

Created: 2025-04-24T12:00:00Z
Modified: 2025-05-30T15:33:12Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F111
Auto approve: 1