CVE-2021-37404

Summary

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Hadoop2.9.0 to 2.10.1affected
Apache Software FoundationApache Hadoop3.0.0 to 3.1.4affected
Apache Software FoundationApache Hadoop3.2.0 to 3.2.2affected
Apache Software FoundationApache Hadoop3.3.0 to 3.3.1affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References