Severity: important Versions affected:
2.9.0 to 2.10.1, 3.0.0 to 3.1.4, 3.2.0 to 3.2.2, 3.3.0 to 3.3.1 Description: There is a potential heap buffer overflow in libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Mitigation: Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or upper. Credit: This issue was discovered by Igor Chervatyuk. --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@hadoop.apache.org For additional commands, e-mail: general-h...@hadoop.apache.org