
Arrow2 allows double free in `safe` code

High severity GitHub Reviewed Published Jun 16, 2022 to the GitHub Advisory Database • Updated Jan 12, 2023

Package

cargo arrow2 (Rust)

Affected versions

< 0.7.1
>= 0.8.0, < 0.8.2
>= 0.9.0, < 0.9.2

Patched versions

0.7.1
0.8.2
0.9.2

Description

The struct `Ffi_ArrowArray` implements `#[derive(Clone)]`, which is inconsistent
with its custom implementation of `Drop`, resulting in a double free when cloned.

Cloning this struct in safe code results in a segmentation fault, which is unsound.

This derive was removed from this struct. All users are advised to either:

  • bump the patch version of this crate (for versions v0.7, v0.8, v0.9), or
  • migrate to a more recent version of the crate (when using < 0.7).

Doing so eliminates this vulnerability (code that clones the struct no longer compiles).
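
The pattern described above, reduced to an added example that is not arrow2's code: the handle types, the counter standing in for the owned allocation, and the `Arc`-based sharing are assumptions made for illustration. Each "free" is counted rather than performed, so the double release is observable without crashing.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;

// Constructed stand-in: `private_data` points at a counter, so each "free" is counted.
#[derive(Clone)] // the bug pattern: bitwise copy of an owning raw pointer
struct UnsoundHandle {
    private_data: *const AtomicUsize,
}

impl Drop for UnsoundHandle {
    fn drop(&mut self) {
        unsafe { (*self.private_data).fetch_add(1, Ordering::SeqCst); }
    }
}

// Hardened form: no Clone, so the owner is unique and Drop runs once.
struct SoundHandle {
    private_data: *const AtomicUsize,
}

impl Drop for SoundHandle {
    fn drop(&mut self) {
        unsafe { (*self.private_data).fetch_add(1, Ordering::SeqCst); }
    }
}

/// Number of releases observed after cloning the unsound handle once.
fn releases_with_derived_clone() -> usize {
    let frees = AtomicUsize::new(0);
    let a = UnsoundHandle { private_data: &frees };
    let b = a.clone(); // safe code, yet two owners of one resource
    drop(a);
    drop(b);
    frees.load(Ordering::SeqCst)
}

/// Number of releases when sharing goes through Arc instead of Clone.
fn releases_with_arc() -> usize {
    let frees = AtomicUsize::new(0);
    let a = Arc::new(SoundHandle { private_data: &frees });
    let b = Arc::clone(&a); // bumps a refcount; the handle is not copied
    drop(a);
    drop(b);
    frees.load(Ordering::SeqCst)
}

fn main() {
    println!("derived Clone: {}, Arc: {}", releases_with_derived_clone(), releases_with_arc());
}
```

With a real allocator behind `Drop`, the second release in the first function is the double free; in the second form, calling `.clone()` on a bare `SoundHandle` is a compile error.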

References

Published to the GitHub Advisory Database Jun 16, 2022
Reviewed Jun 16, 2022
Last updated Jan 12, 2023

Severity

High

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-5j8w-r7g8-5472

Source code
