There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
{
"cpe": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.10.2"
},
{
"introduced": "3.0.0"
},
{
"last_affected": "3.1.4"
},
{
"introduced": "3.2.0"
},
{
"fixed": "3.2.3"
},
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.2"
}
],
"source": "CPE_RANGE"
}[
{
"source": "https://github.com/apache/hadoop/commit/abe5358143720085498613d399be3bbf01e0f131",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "172508901140850166315077168976677568660",
"length": 705.0
},
"deprecated": false,
"id": "CVE-2021-37404-cf0079d5",
"target": {
"function": "getTimeDurationHelper",
"file": "hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java"
}
},
{
"source": "https://github.com/apache/hadoop/commit/abe5358143720085498613d399be3bbf01e0f131",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"117241420199337029436298470313516342337",
"10911464053357943410825609861845695837",
"240437666491262468440316638114074933731",
"226622566833744400926285549106341911654",
"249375286985992668764075164756526076674"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2021-37404-f2b0819d",
"target": {
"file": "hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java"
}
}
]
"2026-07-08T22:13:41Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37404.json"