Apache Hadoop buffer overflow | CVE-2021-37404
NAME
Apache Hadoop buffer overflow
- Platforms Affected:
Apache Hadoop 2.9.0
Apache Hadoop 3.0.0
Apache Hadoop 3.2.0
Apache Hadoop 2.10.1
Apache Hadoop 3.1.4
Apache Hadoop 3.2.2
Apache Hadoop 3.3.0
Apache Hadoop 3.3.1 - Risk Level:
9.8 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
Apache Hadoop is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the libhdfs native code. By opening a specially-crafted file path, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of Apache Hadoop (2.10.2, 3.2.3, 3.3.2 or later), available from the Apache Web site. See References.
- Reference Link:
https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo - Reference Link:
https://hadoop.apache.org/
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
