GHSA-rmpj-7c96-mrg8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rmpj-7c96-mrg8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-rmpj-7c96-mrg8/GHSA-rmpj-7c96-mrg8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rmpj-7c96-mrg8
- Aliases
- Published
- 2022-06-14T00:00:37Z
- Modified
- 2024-02-22T05:34:28.037449Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2
- Details
-
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
- Database specific
{ "nvd_published_at": "2022-06-13T07:15:00Z", "github_reviewed_at": "2022-06-17T01:09:36Z", "github_reviewed": true, "severity": "CRITICAL", "cwe_ids": [ "CWE-120", "CWE-131", "CWE-787" ] }- References
Affected packages
Maven / org.apache.hadoop:hadoop-common
Package
- Name
- org.apache.hadoop:hadoop-common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-common
Maven / org.apache.hadoop:hadoop-common
Package
- Name
- org.apache.hadoop:hadoop-common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-common
Maven / org.apache.hadoop:hadoop-common
Package
- Name
- org.apache.hadoop:hadoop-common
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hadoop/hadoop-common
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.2
Affected versions
0.*
0.22.0
0.23.1
0.23.3
0.23.4
0.23.5
0.23.6
0.23.7
0.23.8
0.23.9
0.23.10
0.23.11
2.*
2.0.0-alpha
2.0.1-alpha
2.0.2-alpha
2.0.3-alpha
2.0.4-alpha
2.0.5-alpha
2.0.6-alpha
2.1.0-beta
2.1.1-beta
2.2.0
2.3.0
2.4.0
2.4.1
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.9.0
2.9.1
2.9.2
2.10.0
2.10.1