Vulnerability Database

309,364

Total vulnerabilities in the database

Arrow2 allows double free in `safe` code

The struct Ffi_ArrowArray implements #derive(Clone) that is inconsistent with its custom implementation of Drop, resulting in a double free when cloned.

Cloning this struct in safe results in a segmentation fault, which is unsound.

This derive was removed from this struct. All users are advised to either:

bump the patch version of this crate (for versions v0.7,v0.8,v0.9), or
migrate to a more recent version of the crate (when using <0.7).

Doing so elimitates this vulnerability (code no longer compiles).

Published: Jun 16, 2022
Updated: Apr 14, 2023
GHSA: GHSA-5j8w-r7g8-5472
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-415

Affected Software
References

Software	From	Fixed in
arrow2	-	0.7.1
arrow2	0.8.0	0.8.2
arrow2	0.9.0	0.9.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo