HistoryEdit

RUSTSEC-2021-0117

DecimalArray does not perform bound checks on accessing values and offsets

Issued
Package
arrow (crates.io)
Type
Vulnerability
Categories
Keywords
#buffer-overflow
Details
https://github.com/apache/arrow-rs/issues/775
Patched
no patched versions
Keywords
#buffer-overflow

Description

DecimalArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code if the lenght of the backing buffer is not a multiple of 16.