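There is a potential heap buffer overflow in the Apache Hadoop libhdfs native code. Opening a user-supplied file path without validation may result in denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. Note that the signatures listed below target Configuration.java (Java code) rather than the libhdfs native code described here, so a signature match or miss should be confirmed against the installed Hadoop version before drawing a conclusion about exposure.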
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37404.json"
[
{
"id": "CVE-2021-37404-cf0079d5",
"target": {
"function": "getTimeDurationHelper",
"file": "hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/apache/hadoop/commit/abe5358143720085498613d399be3bbf01e0f131",
"digest": {
"function_hash": "172508901140850166315077168976677568660",
"length": 705.0
},
"signature_type": "Function"
},
{
"id": "CVE-2021-37404-f2b0819d",
"target": {
"file": "hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/apache/hadoop/commit/abe5358143720085498613d399be3bbf01e0f131",
"digest": {
"threshold": 0.9,
"line_hashes": [
"117241420199337029436298470313516342337",
"10911464053357943410825609861845695837",
"240437666491262468440316638114074933731",
"226622566833744400926285549106341911654",
"249375286985992668764075164756526076674"
]
},
"signature_type": "Line"
}
]