There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
[
{
"product": "Apache Hadoop",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.9.0 to 2.10.1"
},
{
"status": "affected",
"version": "3.0.0 to 3.1.4"
},
{
"status": "affected",
"version": " 3.2.0 to 3.2.2"
},
{
"status": "affected",
"version": "3.3.0 to 3.3.1"
}
]
}
]