Reported

September 14, 2021

Issued

September 29, 2021 (last modified: June 13, 2023)

Package

arrow (crates.io)

Type

Vulnerability

Categories

• memory-exposure

Keywords

#buffer-overflow

Aliases

• GHSA-qgrp-8f3v-q85p

References

• https://github.com/apache/arrow-rs/issues/774

Patched

• >=6.4.0

Description

FixedSizeBinaryArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code.

Advisory available under CC0-1.0 license.