Vulnerability-Lookup

CVE-2018-11768 (GCVE-0-2018-11768)

Vulnerability from cvelistv5 – Published: 2019-10-04 13:56 – Updated: 2024-08-05 08:17

Summary

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread.html/2067a797b330…	x_refsource_MISC
	https://lists.apache.org/thread.html/caacbbba2dcc…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ea6d2dfbefab…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/2c9cc65864be…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/f20bb4e055d8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ceb16af9139a…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/9b609d4392d8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/72ca514e01cd…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r02e39d7beb3…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r02e39d7beb3…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	Apache Hadoop	Affected: Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, 2.0.0-alpha to 2.8.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:17:09.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"
          },
          {
            "name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Hadoop",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, 2.0.0-alpha to 2.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-06T13:06:18.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"
        },
        {
          "name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"
        },
        {
          "name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"
        },
        {
          "name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2018-11768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Hadoop",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, 2.0.0-alpha to 2.8.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-11768",
    "datePublished": "2019-10-04T13:56:56.000Z",
    "dateReserved": "2018-06-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T08:17:09.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-912

Vulnerability from certfr_avis - Published: 2021-12-01 - Updated: 2021-12-02

De multiples vulnérabilités ont été découvertes dans IBM Qradar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	QRadar	IBM QRadar SIEM 7.4.x versions antérieures à 7.4.3 Fix Pack 4
	IBM	QRadar	IBM QRadar SIEM 7.3.x versions antérieures à 7.3.3 Fix Pack 10

References

Title

Publication Time

GHSA-HX83-RPQF-M267

Vulnerability from github – Published: 2019-11-20 01:38 – Updated: 2021-08-18 22:42

Summary

user/group information can be corrupted across storing in fsimage and reading back from fsimage

Details

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hadoop:hadoop-main"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.8.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hadoop:hadoop-main"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hadoop:hadoop-main"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-11768"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-11-19T03:28:12Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.",
  "id": "GHSA-hx83-rpqf-m267",
  "modified": "2021-08-18T22:42:32Z",
  "published": "2019-11-20T01:38:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11768"
    },
    {
      "type": "WEB",
      "url": "https://hadoop.apache.org/cve_list.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "user/group information can be corrupted across storing in fsimage and reading back from fsimage"
}

FKIE_CVE-2018-11768

Vulnerability from fkie_nvd - Published: 2019-10-04 14:15 - Updated: 2024-11-21 03:43

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E
	security@apache.org	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E

Impacted products

Vendor	Product	Version
apache	hadoop	*
apache	hadoop	*
apache	hadoop	*
apache	hadoop	*
apache	hadoop	2.0.0
apache	hadoop	2.0.0
apache	hadoop	2.0.1
apache	hadoop	2.0.1
apache	hadoop	2.0.2
apache	hadoop	2.0.2
apache	hadoop	2.0.3
apache	hadoop	2.0.3
apache	hadoop	2.0.4
apache	hadoop	2.0.4
apache	hadoop	2.0.5
apache	hadoop	2.0.5
apache	hadoop	2.0.6
apache	hadoop	2.0.6
apache	hadoop	2.1.0
apache	hadoop	2.1.0
apache	hadoop	2.1.1
apache	hadoop	3.0.0
apache	hadoop	3.0.0
apache	hadoop	3.0.0
apache	hadoop	3.0.0
apache	hadoop	3.0.0
apache	hadoop	3.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD242B4-4B2C-4D04-AC1E-EF5DB0946AF4",
              "versionEndIncluding": "2.8.4",
              "versionStartIncluding": "2.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25983124-125F-483B-8AD0-ABD5BEB24565",
              "versionEndIncluding": "2.9.1",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FCEC9B9-9A2A-4A90-8D1F-DEB7396A4B4D",
              "versionEndIncluding": "3.0.3",
              "versionStartIncluding": "3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D760BFB8-4CD4-450B-B3F7-9BBE845A15D4",
              "versionEndIncluding": "3.1.1",
              "versionStartIncluding": "3.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "449B6ACE-1EB7-4EE6-A6A6-D0B6B35E7711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "32C079FC-786F-4FDA-A81D-D3F8C57233DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "E214AEE0-651F-46F7-9784-0021356D8634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "B85FB31E-8473-4447-A19A-BDE8E5D3A13F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "80E53689-C56C-4104-B510-CB4116B898CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "0FFC6E30-3613-4D4F-96BF-495B3D3B73E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "591921C3-F7EA-402E-9C36-2EADF0417C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "F07F8A23-27DF-46FE-B94C-B675A9C019C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "9FA774A9-81B3-4303-B254-C802B4DC8004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "5DB9D913-962A-4465-B9E8-C20645D4DF89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C55C1D6-6EDC-47BB-8B8B-FA341179E37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "25DB127F-4293-4847-A8C4-C7F6B74762EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "E8AE3E25-0726-4039-A3A8-B53F7CF0E638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:3.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "2547A78B-A084-4AD4-9312-B97B12C30BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "C33530ED-6093-4B4C-AFDB-4DB5EB5878E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "38BCF20D-169E-4847-8880-A223467B8639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "336DADCF-3302-423D-BFDC-72C031AD1CAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "689B619C-04C4-43C6-B103-DDAAA9C9CC9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1E457B6F-5F01-45C5-8568-7AF598721AEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."
    },
    {
      "lang": "es",
      "value": "En Apache Hadoop versiones 3.1.0 hasta 3.1.1, 3.0.0-alpha1 hasta 3.0.3, 2.9.0 hasta 2.9.1 y 2.0.0-alpha hasta 2.8.4, la informaci\u00f3n de user/group puede corromperse durante el almacenamiento en fsimage y una lectura nuevamente desde fsimage."
    }
  ],
  "id": "CVE-2018-11768",
  "lastModified": "2024-11-21T03:43:59.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-04T14:15:10.903",
  "references": [
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-41851

Vulnerability from cnvd - Published: 2019-11-22

Title

Apache Hadoop缓冲区溢出漏洞

Description

Apache Hadoop是美国阿帕奇（Apache）软件基金会的一套开源的分布式系统基础架构。 Apache Hadoop中存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Severity

中

Patch Name

Apache Hadoop缓冲区溢出漏洞的补丁

Patch Description

Apache Hadoop是美国阿帕奇（Apache）软件基金会的一套开源的分布式系统基础架构。 Apache Hadoop中存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E

Reference

https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E

Impacted products

Name
['Apache Apache Hadoop >=3.1.0，<=3.1.1', 'Apache Apache Hadoop >=3.0.0-alpha1，<=3.0.3', 'Apache Apache Hadoop >=2.9.0，<=2.9.1', 'Apache Apache Hadoop >=2.0.0-alpha，<=2.8.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11768",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2018-11768"
    }
  },
  "description": "Apache Hadoop\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u7cfb\u7edf\u57fa\u7840\u67b6\u6784\u3002\n\nApache Hadoop\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41851",
  "openTime": "2019-11-22",
  "patchDescription": "Apache Hadoop\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5206\u5e03\u5f0f\u7cfb\u7edf\u57fa\u7840\u67b6\u6784\u3002\r\n\r\nApache Hadoop\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Hadoop\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Apache Hadoop \u003e=3.1.0\uff0c\u003c=3.1.1",
      "Apache Apache Hadoop \u003e=3.0.0-alpha1\uff0c\u003c=3.0.3",
      "Apache Apache Hadoop \u003e=2.9.0\uff0c\u003c=2.9.1",
      "Apache Apache Hadoop \u003e=2.0.0-alpha\uff0c\u003c=2.8.4"
    ]
  },
  "referenceLink": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-14",
  "title": "Apache Hadoop\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

GSD-2018-11768

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

Aliases

CVE-2018-11768

Aliases

CVE-2018-11768

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11768",
    "description": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.",
    "id": "GSD-2018-11768"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11768"
      ],
      "details": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.",
      "id": "GSD-2018-11768",
      "modified": "2023-12-13T01:22:42.102454Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2018-11768",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Hadoop",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, 2.0.0-alpha to 2.8.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E"
          },
          {
            "name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E"
          },
          {
            "name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.0.0,2.0.6],[2.1.0,2.1.1],[2.2.0,2.8.4],[2.9.0,2.9.1], [3.0.0,3.0.3],[3.1.0,3.1.1]",
          "affected_versions": "All versions starting from 2.0.0 up to 2.0.6, all versions starting from 2.1.0 up to 2.1.1, all versions starting from 2.2.0 up to 2.8.4, all versions starting from 2.9.0 up to 2.9.1, all versions starting from 3.0.0 up to 3.0.3, all versions starting from 3.1.0 up to 3.1.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-119",
            "CWE-937"
          ],
          "date": "2019-10-29",
          "description": "In Apache Hadoop, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.",
          "fixed_versions": [
            "2.8.5",
            "2.9.2",
            "3.1.2"
          ],
          "identifier": "CVE-2018-11768",
          "identifiers": [
            "CVE-2018-11768"
          ],
          "not_impacted": "All versions before 2.0.0, all versions after 2.0.6 before 2.1.0, all versions after 2.1.1 before 2.2.0, all versions after 2.8.4 before 2.9.0, all versions after 2.9.1 before 3.0.0, all versions after 3.0.3 before 3.1.0, all versions after 3.1.1",
          "package_slug": "maven/org.apache.hadoop/hadoop-main",
          "pubdate": "2019-10-04",
          "solution": "Upgrade to versions 2.8.5, 2.9.2, 3.1.2 or above.",
          "title": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-11768"
          ],
          "uuid": "301f9e3e-0a70-47e1-93f0-3e5a14295924"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.1.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.9.1",
                "versionStartIncluding": "2.9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.3",
                "versionStartIncluding": "3.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1.1",
                "versionStartIncluding": "3.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.8.4",
                "versionStartIncluding": "2.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:3.0.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.3:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2018-11768"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption",
              "refsource": "MLIST",
              "tags": [
                "Issue Tracking",
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption",
              "refsource": "MLIST",
              "tags": [
                "Issue Tracking",
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-06T14:15Z",
      "publishedDate": "2019-10-04T14:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-11768 (GCVE-0-2018-11768)

CERTFR-2021-AVI-912

Solution

GHSA-HX83-RPQF-M267

FKIE_CVE-2018-11768

CNVD-2019-41851

GSD-2018-11768

Tags

Sightings

Nomenclature