[jira] [Created] (ARROW-18302) Is pyarrow vulnerable to CVE-2022-3786?

Christina (Jira) Thu, 10 Nov 2022 07:07:09 -0800

Christina created ARROW-18302:
---------------------------------

             Summary: Is pyarrow vulnerable to  CVE-2022-3786?
                 Key: ARROW-18302
                 URL: https://issues.apache.org/jira/browse/ARROW-18302
             Project: Apache Arrow
          Issue Type: Bug
          Components: Python
    Affects Versions: 9.0.0
            Reporter: Christina



Since pyarrow seems to have no disposition on this bug already, I am curious if 
the implementation of openssl included with pyarrow is vulnerable to 
[https://nvd.nist.gov/vuln/detail/CVE-2022-3786]

Here is the commit of openssl that this is fixed in:

https://github.com/openssl/openssl/commit/c42165b5706e42f67ef8ef4c351a9a4c5d21639a



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (ARROW-18302) Is pyarrow vulnerable to CVE-2022-3786?

Reply via email to