Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-37404

UNKNOWN
Published 2022-06-13T07:00:16
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-37404. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Hadoop

Affected Versions:

2.9.0 to 2.10.1 3.0.0 to 3.1.4 3.2.0 to 3.2.2 3.3.0 to 3.3.1

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2

GHSA-rmpj-7c96-mrg8

Advisory Details

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Affected Packages

Maven org.apache.hadoop:hadoop-common
ECOSYSTEM: ≥3.3.0 <3.3.2
Maven org.apache.hadoop:hadoop-common
ECOSYSTEM: ≥3.0.0 <3.2.3
Maven org.apache.hadoop:hadoop-common
ECOSYSTEM: ≥0 <2.10.2

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-37404
PACKAGE https://github.com/apache/hadoop
WEB https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo
WEB https://security.netapp.com/advisory/ntap-20220715-0007

Advisory provided by GitHub Security Advisory Database. Published: June 14, 2022, Modified: June 27, 2023

References

https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo
https://security.netapp.com/advisory/ntap-20220715-0007/
Published: 2022-06-13T07:00:16
Last Modified: 2024-08-04T01:16:03.989Z
Copied to clipboard!