Description
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Affected products
- Apache Software Foundation / Apache Hadoop2.9.0 to 2.10.1 – 2.9.0 to 2.10.1
- Apache Software Foundation / Apache Hadoop3.0.0 to 3.1.4 – 3.0.0 to 3.1.4
- Apache Software Foundation / Apache Hadoop3.2.0 to 3.2.2 – 3.2.0 to 3.2.2
- Apache Software Foundation / Apache Hadoop3.3.0 to 3.3.1 – 3.3.0 to 3.3.1