This is an automated email from the ASF dual-hosted git repository.

cnauroth pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/hadoop-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 34b23538a07 HDFS-17754: Add CVE-2025-27821 description
34b23538a07 is described below

commit 34b23538a0786e3deb348ad510262c6f49ea609c
Author: Chris Nauroth <[email protected]>
AuthorDate: Mon Jan 26 23:53:53 2026 +0000

    HDFS-17754: Add CVE-2025-27821 description
    
    Closes #75
    
    Signed-off-by: Ayush Saxena <[email protected]>
---
 content/cve_list.html | 13 +++++++++++++
 src/cve_list.md       | 17 +++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/content/cve_list.html b/content/cve_list.html
index c9915826f07..6d155e4db9e 100644
--- a/content/cve_list.html
+++ b/content/cve_list.html
@@ -178,6 +178,19 @@ One paragraph summary goes here. Don't need nuts-and-bolts 
detail, just enough f
 - **Reported Date**:
 - **Issue Announced**:
 -->
+<h2 
id="cve-2025-27821-out-of-bounds-write-in-uri-parser-of-native-hdfs-client"><a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27821";>CVE-2025-27821</a>
 Out of bounds write in URI parser of native HDFS client</h2>
+<p>Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.</p>
+<p>This issue affects Apache Hadoop: from 3.2.0 before 3.4.2.</p>
+<p>Users are recommended to upgrade to version 3.4.2, which fixes the 
issue.</p>
+<p>This issue is being tracked as <a 
href="https://issues.apache.org/jira/browse/HDFS-17754";>HDFS-17754</a>.</p>
+<ul>
+<li><strong>Versions affected</strong>: 3.2.0 to 3.4.1</li>
+<li><strong>Fixed versions</strong>: 3.4.2</li>
+<li><strong>Impact</strong>: Memory Corruption</li>
+<li><strong>Reporter</strong>: BUI Ngoc Tan</li>
+<li><strong>Reported Date</strong>: 2025/03/01</li>
+<li><strong>Issue Announced</strong>: 2026/01/23</li>
+</ul>
 <h2 
id="cve-2023-26031-privilege-escalation-in-apache-haoop-yarn-container-executor-binary-on-linux-systems"><a
 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26031";>CVE-2023-26031</a>
 Privilege escalation in Apache Haoop Yarn container-executor binary on Linux 
systems</h2>
 <p>Relative library resolution in linux container-executor binary in Apache 
Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the 
YARN cluster is accepting work from remote (authenticated) users, this MAY 
permit remote users to gain root privileges.</p>
 <p>Hadoop 3.3.0 updated the <a 
href="https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html";>YARN
 Secure Containers</a> to add a feature for executing user-submitted 
applications in isolated linux containers.</p>
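Review bot: The new <h2> links the CVE id over plain http (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27821), while the HDFS-17754 link in the same entry uses https. Suggest using https for the CVE link as well, so a reader following a security advisory is not sent over an unauthenticated connection. The CVE-2023-26031 heading in the context lines has the same http form and could be changed in a follow-up. The matching heading in src/cve_list.md needs the same change so the two files stay in sync.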
diff --git a/src/cve_list.md b/src/cve_list.md
index 5b85406df9b..cb9960ce911 100644
--- a/src/cve_list.md
+++ b/src/cve_list.md
@@ -37,6 +37,23 @@ One paragraph summary goes here. Don't need nuts-and-bolts 
detail, just enough f
 - **Issue Announced**:
 -->
 
+## 
[CVE-2025-27821](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27821) 
Out of bounds write in URI parser of native HDFS client
+
+Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.
+
+This issue affects Apache Hadoop: from 3.2.0 before 3.4.2.
+
+Users are recommended to upgrade to version 3.4.2, which fixes the issue.
+
+This issue is being tracked as 
[HDFS-17754](https://issues.apache.org/jira/browse/HDFS-17754).
+
+- **Versions affected**: 3.2.0 to 3.4.1
+- **Fixed versions**: 3.4.2
+- **Impact**: Memory Corruption
+- **Reporter**: BUI Ngoc Tan
+- **Reported Date**: 2025/03/01
+- **Issue Announced**: 2026/01/23
+
 ## 
[CVE-2023-26031](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26031) 
Privilege escalation in Apache Haoop Yarn container-executor binary on Linux 
systems
 
 Relative library resolution in linux container-executor binary in Apache 
Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the 
YARN cluster is accepting work from remote (authenticated) users, this MAY 
permit remote users to gain root privileges.
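Review bot: The summary paragraph ("Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.") drops the one detail the heading gives, the URI parser, and does not say who is exposed. The template comment above this entry asks for a one-paragraph summary, so suggest adding a sentence that places the write in the native client's URI parser and states whether deployments that do not use the native client are affected. That lets operators on 3.2.0 to 3.4.1 judge urgency before they upgrade to 3.4.2. "Impact: Memory Corruption" could likewise say what the corruption can lead to, if that is known.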

