VulnerableCode Package Details - pkg:gem/red-arrow@0.14.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-ca7h-68db-4qga Aliases: CVE-2019-12408 GHSA-8cw2-jv5c-c825 PYSEC-2019-195	It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.	0.15.1 Affected by 0 other vulnerabilities.
VCID-n25g-xj5f-tyfj Aliases: CVE-2019-12410 GHSA-cjw4-2w9r-r8mv PYSEC-2019-196	While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.	0.15.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ca7h-68db-4qga
Aliases:
CVE-2019-12408
GHSA-8cw2-jv5c-c825
PYSEC-2019-195

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

0.15.1
Affected by 0 other vulnerabilities.

VCID-n25g-xj5f-tyfj
Aliases:
CVE-2019-12410
GHSA-cjw4-2w9r-r8mv
PYSEC-2019-196

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.

0.15.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T09:00:05.233031+00:00	GHSA Importer	Affected by	VCID-ca7h-68db-4qga	https://github.com/advisories/GHSA-8cw2-jv5c-c825	38.6.0
2026-06-13T09:00:04.131718+00:00	GHSA Importer	Affected by	VCID-n25g-xj5f-tyfj	https://github.com/advisories/GHSA-cjw4-2w9r-r8mv	38.6.0
2026-06-12T18:21:43.386015+00:00	GitLab Importer	Affected by	VCID-ca7h-68db-4qga	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/red-arrow/CVE-2019-12408.yml	38.6.0
2026-06-12T18:18:41.362231+00:00	GitLab Importer	Affected by	VCID-n25g-xj5f-tyfj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/red-arrow/CVE-2019-12410.yml	38.6.0