Fluid Attacks Database

Description

DecimalArray does not perform bound checks on accessing values and offsets DecimalArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code if the lenght of the backing buffer is not a multiple of 16.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
cargo	arrow	>=0 <6.4.0	6.4.0

Aliases

1. GCVE-GHSA-h588-76vg-prgj

References

1. https://github.com/apache/arrow-rs/issues/7752. https://github.com/apache/arrow-rs3. https://rustsec.org/advisories/RUSTSEC-2021-0117.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.