←back to thread

Max severity RCE flaw discovered in widely used Apache Parquet

(www.bleepingcomputer.com)
174 points andy99 | 1 comments | 06 Apr 25 17:21 UTC | HN request time: 0s | source
Show context
3eb7988a1663 ◴[06 Apr 25 18:06 UTC] No.43603491[source]
Maybe the headline should note that this a parser vulnerability, not the format itself. I suppose that is obvious, but my first knee-jerk thought was, "Am I going to have to re-encode XXX piles of data?"
replies(2): >>43603869 #>>43604836 #
brokensegue ◴[06 Apr 25 18:46 UTC] No.43603869[source]
What would it mean for the vulnerability to be in the format and not the parser?
replies(3): >>43603925 #>>43603966 #>>43606334 #
1. 3eb7988a1663 ◴[06 Apr 25 18:57 UTC] No.43603966[source]
I don't know. Something like a Python pickle file where parsing is unavoidable.

On a second read, I realized a format problem was unlikely, but the headline just said, "Apache Parquet". My mind might the same conclusion if it said "safetensors" or "PNG".