Apache Arrow R Package Security Update Advisory (CVE-2024-52338)

Dec 02 2024

Overview

An update has been released to address vulnerabilities in Apache Arrow R Package. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-52338

Apache Arrow R package versions: 4.0.0 (inclusive) ~ 16.1.0 (inclusive)

Resolved Vulnerabilities

Vulnerability in the Apache Arrow R package in the IPC and Parquet readers that could allow arbitrary code execution when deserializing untrusted data (CVE-2024-52338)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-52338

Apache Arrow R package version: 17.0.0

Referenced Sites

[1] CVE-2024-52338 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-52338

[2] CVE-2024-52338: Apache Arrow R package: Arbitrary code execution when loading a malicious data file

https://lists.apache.org/thread/0rcbvj1gdp15lvm23zm601tjpq0k25vt

Apache Arrow R Package Security Update Advisory (CVE-2024-52338)

Zabbix Security Update Advisory

WordPress Widget & Block Control Plugin Security Update Advisory (CVE-2024-8672)

Tags:

Zabbix Security Update Advisory

WordPress Widget & Block Control Plugin Security Update Advisory (CVE-2024-8672)