CVE-2021-41561

Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
apacheparquet-mr
𝑥
< 1.11.2
apacheparquet-mr
1.12.0 ≤
𝑥
< 1.12.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2021/12/20/1
https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr
http://www.openwall.com/lists/oss-security/2021/12/20/1
https://lists.apache.org/thread/1bjlscbqtfzl160hrm9lnpjpppp5z3zr