Reported

September 14, 2021

Issued

September 29, 2021 (last modified: June 13, 2023)

Package

arrow (crates.io)

Type

Vulnerability

Categories

• memory-exposure

Keywords

#buffer-overflow

Aliases

• GHSA-r7cj-wmwv-hfw5

References

• https://github.com/apache/arrow-rs/issues/772
• https://github.com/apache/arrow-rs/issues/773

Patched

• >=6.4.0

Description

BinaryArray performs insufficient validation on creation, which allows out-of-bounds reads in safe code.

Advisory available under CC0-1.0 license.