CVE-2021-37404— Heap buffer overflow in libhdfs native library
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-37404
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heap buffer overflow in libhdfs native library
Source: NVD (National Vulnerability Database)
Vulnerability Description
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Hadoop 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Hadoop是美国阿帕奇(Apache)基金会的一套开源的分布式系统基础架构。该产品能够对大量数据进行分布式处理,并具有高可靠性、高扩展性、高容错性等特点。 Apache Hadoop 存在安全漏洞,该漏洞源于libhdfs存在堆缓冲区溢出。攻击者可以利用该漏洞诱使用户打开恶意文件进行拒绝服务攻击或任意代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Hadoop | 2.9.0 to 2.10.1 | - |
II. Public POCs for CVE-2021-37404
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-37404
请登录查看更多情报信息。
- https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wox_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-37404
IV. Related Vulnerabilities
Same product: Apache Hadoop
- CVE-2024-23454
Apache Hadoop: Temporary File Local Information Disclosure - CVE-2023-26031
Privilege escalation in Apache Hadoop Yarn container-executo - CVE-2021-25642
Apache Hadoop YARN remote code execution in ZKConfigurationS - CVE-2022-25168
Command injection in org.apache.hadoop.fs.FileUtil.unTarUsin - CVE-2021-33036
Apache Hadoop Privilege escalation vulnerability
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
V. Comments for CVE-2021-37404
No comments yet