There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Hadoop
APPApache2.9.0 – 2.10.2 (bez)3.0.0 – 3.1.43.2.0 – 3.2.3 (bez)3.3.0 – 3.3.2 (bez)
Related vulnerabilities
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the ...
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on U...
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could ...
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used...
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit se...