RUSTSEC-2021-0118

FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

Reported

September 14, 2021

Issued

September 29, 2021 (last modified: December 22, 2021)

Package

arrow (crates.io)

Type

Vulnerability

Categories

Keywords

#buffer-overflow

Details

https://github.com/apache/arrow-rs/issues/774

Patched

FixedSizeBinaryArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code.