[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2021-41561: Apache Parquet-MR potential DoS in case of malicious Parquet file
From:       Gábor_Szádovszky <gabor () apache ! org>
Date:       2021-12-20 10:03:37
Message-ID: 568519e9-1bcc-671d-5868-d96b3fa6f908 () apache ! org
[Download RAW message or body]

Description:

Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to \
DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later \
versions.

This issue is being tracked as PARQUET-2094

Mitigation:

1.12.x users should upgrade to 1.12.2
1.11.x users should upgrade to 1.11.2
Users of older release lines (<= 1.10.x) should upgrade to 1.12.2 or 1.11.2

Credit:

This issue was discovered by Sergey Temnikov of the Amazon S3 team.


[prev in list] [next in list] [prev in thread] [next in thread]