PyPI: arcticdb

SFTY-20250428-12325

Safety legacy ID: pyup.io-76942

Affected versions of ArcticDB are potentially vulnerable to a race condition (CWE-362). It stems from unsynchronized Py_INCREF(Py_None) calls in functions like prefill_with_none and increment_none_refcount in python_utils.hpp.

PythonPyPI
Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

Affected versions of ArcticDB are potentially vulnerable to a race condition (CWE-362). It stems from unsynchronized Py_INCREF(Py_None) calls in functions like prefill_with_none and increment_none_refcount in python_utils.hpp.

Advisory

Affected versions of ArcticDB are potentially vulnerable to a race condition (CWE-362). It stems from unsynchronized Py_INCREF(Py_None) calls in functions like prefill_with_none and increment_none_refcount in python_utils.hpp.

Affected Package

Affecting arcticdb package, versions
<5.4.0

Also affects

---

How to Fix

Upgrade
arcticdb
to
5.4.0
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more