Severity: important

Versions affected:

2.9.0 to 2.10.1, 3.0.0 to 3.1.4, 3.2.0 to 3.2.2, 3.3.0 to 3.3.1

Description:

There is a potential heap buffer overflow in libhdfs native code.
Opening a file path provided by user without validation may result in
a denial of service or arbitrary code execution.

Mitigation:

Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or upper.

Credit:

This issue was discovered by Igor Chervatyuk.

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@hadoop.apache.org
For additional commands, e-mail: general-h...@hadoop.apache.org

Reply via email to