Reported

April 24, 2025

Issued

May 30, 2025

Package

arrow2 (crates.io)

Type

Vulnerability

Categories

• memory-exposure

Patched

no patched versions

Description

Rows::row_unchecked() allows out of bounds access to the underlying buffer without sufficient checks.

The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead.

Advisory available under CC0-1.0 license.