There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may…
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
https://cwe.mitre.org/data/definitions/131.html →Open in CWE collection →The product writes data past the end, or before the beginning, of the intended buffer.
https://cwe.mitre.org/data/definitions/787.html →Open in CWE collection →In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
https://capec.mitre.org/data/definitions/47.html →Open in CAPEC collection →Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
https://capec.mitre.org/data/definitions/100.html →Open in CAPEC collection →