2097421 – (CVE-2021-37404) CVE-2021-37404 hadoop-hdfs: Heap buffer overflow in Apache Hadoop libhdfs

Bug 2097421 (CVE-2021-37404) - CVE-2021-37404 hadoop-hdfs: Heap buffer overflow in Apache Hadoop libhdfs

Summary: CVE-2021-37404 hadoop-hdfs: Heap buffer overflow in Apache Hadoop libhdfs

Keywords:
Status:	NEW
Alias:	CVE-2021-37404
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2097466 2097467 2097468
Blocks:	2097422
TreeView+	depends on / blocked

Reported:	2022-06-15 16:17 UTC by Pedro Sampaio
Modified:	2023-07-07 08:31 UTC (History)
CC List:	15 users (show)
Fixed In Version:	Apache Hadoop 2.10.2, Apache Hadoop 3.2.3, Apache Hadoop 3.3.2
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Apache Hadoop. Opening a file path provided by a user without validation may result in a denial of service or arbitrary code execution.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2022-06-15 16:17:52 UTC

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

References:

https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo

Note You need to log in before you can comment on or make changes to this bug.