CVE-2021-37404
N/A
N/A
Summary
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Hadoop | 2.9.0 to 2.10.1 | affected |
| Apache Software Foundation | Apache Hadoop | 3.0.0 to 3.1.4 | affected |
| Apache Software Foundation | Apache Hadoop | 3.2.0 to 3.2.2 | affected |
| Apache Software Foundation | Apache Hadoop | 3.3.0 to 3.3.1 | affected |
Weaknesses
- CWE-787: CWE-787 Out-of-bounds Write
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo
- https://security.netapp.com/advisory/ntap-20220715-0007/
References
- https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo
- https://security.netapp.com/advisory/ntap-20220715-0007/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.