CVE-2019-12408

Name of the Vulnerable Software and Affected Versions Apache Arrow versions 0.14.0 through 0.14.1

Description A bug was found in the C++ implementation of Apache Arrow, which also affects the R, Python, and Ruby implementations. This bug occurs when building arrays with null values, resulting in an uninitialized memory issue. This can cause unintentional sharing of uninitialized memory if Arrow Arrays are transmitted or persisted in certain formats.

Recommendations For Apache Arrow versions 0.14.0 through 0.14.1, consider avoiding the transmission or persistence of Arrow Arrays with null values until a fix is available. As a temporary workaround, restrict the use of arrays with null values to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.