CGA-h7pv-cx59-vvj8

Published

Last updated

https://images.chainguard.dev/security/CGA-h7pv-cx59-vvj8

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2021-37404
GHSA-rmpj-7c96-mrg8

Severity

Unknown

Summary

Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2

Description

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-37404
https://github.com/advisories/GHSA-rmpj-7c96-mrg8
https://github.com/apache/hadoop
https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo
https://security.netapp.com/advisory/ntap-20220715-0007

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-h7pv-cx59-vvj8

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources