[ARROW-18302] [Python] Is pyarrow vulnerable to CVE-2022-3786? - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 9.0.0
Fix Version/s: 10.0.1, 11.0.0
Component/s: Packaging, Python
Labels:
- pull-request-available

External issue URL:
https://github.com/apache/arrow/issues/33477

Description

Since pyarrow seems to have no disposition on this bug already, I am curious if the implementation of openssl included with pyarrow is vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2022-3786

Here is the commit of openssl that this is fixed in:

https://github.com/openssl/openssl/commit/c42165b5706e42f67ef8ef4c351a9a4c5d21639a

Attachments

Issue Links

links to

GitHub Pull Request #14634

Activity

People

Assignee:: Raúl Cumplido

Reporter:: Christina

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 10/Nov/22 15:06

Updated:: 11/Jan/23 11:59

Resolved:: 14/Nov/22 20:21

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2h 10m