CVE-2021-37404

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*

History

27 Jun 2023, 15:15

Type Values Removed Values Added
CWE CWE-120 CWE-787

27 Oct 2022, 16:15

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220715-0007/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220715-0007/ - Third Party Advisory

15 Jul 2022, 16:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220715-0007/ -

22 Jun 2022, 12:49

Type Values Removed Values Added
References (CONFIRM) https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo - (CONFIRM) https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo - Mailing List, Vendor Advisory
CWE CWE-120
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*

13 Jun 2022, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-13 07:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-37404

Mitre link : CVE-2021-37404

CVE.ORG link : CVE-2021-37404


JSON object : View

Products Affected

apache

  • hadoop
CWE
CWE-787

Out-of-bounds Write