### [CVE-2021-37404](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37404)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Hadoop&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%203.2.0%20to%203.2.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.9.0%20to%202.10.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.0%20to%203.1.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.3.0%20to%203.3.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brightgreen)

### Description

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/muneebaashiq/MBProjects