- Reported
-
- Issued
-
- Package
-
arrow
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#buffer-overflow
- Details
-
https://github.com/apache/arrow-rs/issues/775
- Patched
-
Description
DecimalArray
performs insufficient bounds checks,
which allows out-of-bounds reads in safe code
if the length of the backing buffer is not a multiple of 16.