Pranav Yogi Lodha created IMPALA-14269:
------------------------------------------
Summary: Bump ORC C++ version to 1.7.9-p11 to fix heap buffer overflow
Key: IMPALA-14269
URL: https://issues.apache.org/jira/browse/IMPALA-14269
Project: IMPALA
Issue Type: Dependency upgrade
Reporter: Pranav Yogi Lodha

A heap-based buffer overflow vulnerability was identified in Apache ORC's C++
LZO decompression implementation. Specially crafted malformed ORC files can
cause the decompressor to allocate a 250-byte buffer followed by a 295-byte
copy, leading to memory corruption. This patch incorporates fix P11 which
corrects the unsafe memory copy, mitigating the vulnerability.
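The bug class described in this issue, as an added example (not Impala or ORC code, and not the P11 patch): a toy LZ-style decoder showing the output-bounds check that turns a 295-byte run aimed at a 250-byte buffer into a clean error instead of a heap overflow. The framing is constructed and is not the real LZO bitstream; `toy_decompress` and `demo_literal_run` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed toy framing (NOT the real LZO bitstream):
 *   0x00 len16 <len bytes>   literal run
 *   0x01 len16 dist16        match copied from earlier output
 * Returns bytes written, or -1 if the stream is malformed. */
long toy_decompress(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        if (in_len - ip < 3) return -1;                /* truncated header */
        uint8_t tag = in[ip];
        size_t len = (size_t)in[ip + 1] | ((size_t)in[ip + 2] << 8);
        ip += 3;
        /* Untrusted length must fit the space left in the output buffer. */
        if (len > out_cap - op) return -1;
        if (tag == 0x00) {
            if (len > in_len - ip) return -1;          /* input over-read */
            memcpy(out + op, in + ip, len);
            ip += len;
        } else if (tag == 0x01) {
            if (in_len - ip < 2) return -1;
            size_t dist = (size_t)in[ip] | ((size_t)in[ip + 1] << 8);
            ip += 2;
            if (dist == 0 || dist > op) return -1;     /* before buffer start */
            for (size_t i = 0; i < len; i++)           /* may overlap: bytewise */
                out[op + i] = out[op + i - dist];
        } else return -1;                              /* unknown tag */
        op += len;
    }
    return (long)op;
}

/* Hypothetical helper: one literal run of `declared` zero bytes (constructed). */
long demo_literal_run(size_t declared, size_t out_cap)
{
    uint8_t *in = calloc(1, 3 + declared);             /* in[0] = 0x00 tag */
    uint8_t *out = malloc(out_cap);
    long n = -2;                                       /* -2: allocation failed */
    if (in && out) {
        in[1] = (uint8_t)(declared & 0xff);
        in[2] = (uint8_t)(declared >> 8);
        n = toy_decompress(in, 3 + declared, out, out_cap);
    }
    free(in); free(out);
    return n;
}
/* Exit status 0 when the 295-byte run into a 250-byte buffer is rejected. */
int main(void) { return demo_literal_run(295, 250) == -1 ? 0 : 1; }
```

Building this with `-fsanitize=address` and deleting the `out_cap - op` check makes the sanitizer report the overflow on the same input.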