{
  "GSD": {
    "alias": "CVE-2019-12408",
    "description": "It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.",
    "id": "GSD-2019-12408"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "red-arrow",
            "purl": "pkg:gem/red-arrow"
          }
        }
      ],
      "aliases": [
        "CVE-2019-12408",
        "GHSA-8cw2-jv5c-c825"
      ],
      "details": "It was discovered that the C++ implementation (which underlies the R,\nPython and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized\nmemory bug when building arrays with null values in some cases. This can lead to\nuninitialized memory being unintentionally shared if Arrow Arrays are transmitted\nover the wire (for instance with Flight) or persisted in the streaming IPC and file\nformats.\n",
      "id": "GSD-2019-12408",
      "modified": "2022-05-24T00:00:00.000Z",
      "published": "2022-05-24T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E"
        },
        {
          "type": "WEB",
          "url": "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 7.5,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Missing Initialization of Resource in Apache Arrow"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2019-12408",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Arrow",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache Arrow 0.14.0 to 0.14.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E",
            "refsource": "CONFIRM",
            "url": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E"
          },
          {
            "name": "[announce] 20191108 [CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2019-12408",
      "cvss_v3": 7.5,
      "date": "2022-05-24",
      "description": "It was discovered that the C++ implementation (which underlies the R,\nPython and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized\nmemory bug when building arrays with null values in some cases. This can lead to\nuninitialized memory being unintentionally shared if Arrow Arrays are transmitted\nover the wire (for instance with Flight) or persisted in the streaming IPC and file\nformats.\n",
      "gem": "red-arrow",
      "ghsa": "8cw2-jv5c-c825",
      "patched_versions": [
        "\u003e= 0.15.1"
      ],
      "related": {
        "url": [
          "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E"
        ]
      },
      "title": "Missing Initialization of Resource in Apache Arrow",
      "unaffected_versions": [
        "\u003c 0.14.0"
      ],
      "url": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.14.0 \u003c=0.14.1",
          "affected_versions": "All versions starting from 0.14.0 up to 0.14.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-909",
            "CWE-937"
          ],
          "date": "2019-11-13",
          "description": "It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow has an uninitialized memory bug when building arrays with `null` values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.",
          "fixed_versions": [
            "0.15.0"
          ],
          "identifier": "CVE-2019-12408",
          "identifiers": [
            "CVE-2019-12408"
          ],
          "not_impacted": "All versions before 0.14.0, all versions after 0.14.1",
          "package_slug": "gem/red-arrow",
          "pubdate": "2019-11-08",
          "solution": "Upgrade to version 0.15.0 or above.",
          "title": "NULL Pointer Dereference",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-12408"
          ],
          "uuid": "bf4f0b78-13b3-4931-a7fa-662ae8fa4e54"
        },
        {
          "affected_range": "\u003e=0.14.0,\u003c0.15.1",
          "affected_versions": "All versions starting from 0.14.0 before 0.15.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-909",
            "CWE-937"
          ],
          "date": "2022-06-28",
          "description": "It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.",
          "fixed_versions": [
            "0.15.1"
          ],
          "identifier": "CVE-2019-12408",
          "identifiers": [
            "GHSA-8cw2-jv5c-c825",
            "CVE-2019-12408"
          ],
          "not_impacted": "All versions before 0.14.0, all versions starting from 0.15.1",
          "package_slug": "pypi/arrow",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 0.15.1 or above.",
          "title": "Missing Initialization of Resource",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-12408",
            "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E",
            "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E",
            "https://github.com/advisories/GHSA-8cw2-jv5c-c825"
          ],
          "uuid": "44177710-30dc-492c-aeca-61d6f22c3e29"
        },
        {
          "affected_range": "\u003e=0.14.0,\u003c=0.14.1",
          "affected_versions": "All versions starting from 0.14.0 up to 0.14.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-909",
            "CWE-937"
          ],
          "date": "2019-11-13",
          "description": "Apache Arrow has an uninitialized memory bug when building arrays with `null` values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.",
          "fixed_versions": [
            "0.14.2"
          ],
          "identifier": "CVE-2019-12408",
          "identifiers": [
            "CVE-2019-12408"
          ],
          "not_impacted": "All versions before 0.14.0, all versions after 0.14.1",
          "package_slug": "pypi/pyarrow",
          "pubdate": "2019-11-08",
          "solution": "Upgrade to version 0.14.2 or above.",
          "title": "NULL Pointer Dereference",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-12408",
            "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E",
            "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E"
          ],
          "uuid": "47830733-aaf3-46e1-9a3f-131b3a7b4a81"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:arrow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.14.1",
                "versionStartIncluding": "0.14.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-12408"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-909"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E",
              "refsource": "CONFIRM",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E"
            },
            {
              "name": "[announce] 20191108 [CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-11-08T19:15Z"
    }
  }
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyarrow",
        "purl": "pkg:pypi/pyarrow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.14.0"
            },
            {
              "fixed": "0.15.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.14.0",
        "0.14.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2019-12408"
  ],
  "details": "It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.",
  "id": "PYSEC-2019-195",
  "modified": "2021-08-27T03:22:16.533972Z",
  "published": "2019-11-08T19:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E"
    }
  ]
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pyarrow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.14.0"
            },
            {
              "fixed": "0.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "red-arrow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.14.0"
            },
            {
              "fixed": "0.15.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-12408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-909"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-28T14:36:34Z",
    "nvd_published_at": "2019-11-08T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.",
  "id": "GHSA-8cw2-jv5c-c825",
  "modified": "2024-10-21T21:04:09Z",
  "published": "2022-05-24T17:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12408"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyarrow/PYSEC-2019-195.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/red-arrow/CVE-2019-12408.yml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Missing Initialization of Resource in Apache Arrow"
}

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12408"
    }
  },
  "description": "Apache Arrow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u7528\u4e8e\u5185\u5b58\u6570\u636e\u5904\u7406\u7684\u8de8\u8bed\u8a00\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301C\u3001C++\u3001C\uff03\u3001Go\u548cJava\u7b49\u7f16\u7a0b\u8bed\u8a00\uff0c\u5e76\u63d0\u4f9b\u8fdb\u7a0b\u95f4\u901a\u4fe1\u7b49\u529f\u80fd\u3002\n\nApache Arrow 0.14.0\u7248\u672c\u81f30.14.1\u7248\u672c\u4e2d\u7684C++\u5b9e\u73b0\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u521d\u59cb\u5316\u7684\u5185\u5b58\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41410",
  "openTime": "2019-11-20",
  "patchDescription": "Apache Arrow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u7528\u4e8e\u5185\u5b58\u6570\u636e\u5904\u7406\u7684\u8de8\u8bed\u8a00\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301C\u3001C++\u3001C\uff03\u3001Go\u548cJava\u7b49\u7f16\u7a0b\u8bed\u8a00\uff0c\u5e76\u63d0\u4f9b\u8fdb\u7a0b\u95f4\u901a\u4fe1\u7b49\u529f\u80fd\u3002\r\n\r\nApache Arrow 0.14.0\u7248\u672c\u81f30.14.1\u7248\u672c\u4e2d\u7684C++\u5b9e\u73b0\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u521d\u59cb\u5316\u7684\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Arrow\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2019-41410\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Arrow \u003e=0.14.0\uff0c\u003c=0.14.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-12408",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-11",
  "title": "Apache Arrow\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2019-41410\uff09"
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:arrow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6259C8-6AA7-4630-9379-2DDBD8E8F047",
              "versionEndIncluding": "0.14.1",
              "versionStartIncluding": "0.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 que la implementaci\u00f3n de C ++ (que subyace a las implementaciones de R, Python y Ruby) de Apache Arrow versiones 0.14.0 hasta 0.14.1, present\u00f3 un bug de memoria no inicializada cuando se construyen matrices con valores nulos en algunos casos. Esto puede conllevar a que la memoria no inicializada se comparta involuntariamente si Matrices de Arrow son transmitidas mediante el cable (por ejemplo, con Flight) o si persisti\u00f3 el IPC de transmisi\u00f3n y los formatos de archivo."
    }
  ],
  "id": "CVE-2019-12408",
  "lastModified": "2024-11-21T04:22:46.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-08T19:15:10.237",
  "references": [
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269%40%3Cdev.arrow.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269%40%3Cdev.arrow.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073%40%3Cannounce.apache.org%3E"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-909"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}