CVE-2018-11768

HIGH

Apache Hadoop 2.0.0-2.9.1, 3.0.0-3.0.3, 3.1.0-3.1.1 Memory Corruption

Title source: llm
STIX 2.1

Description

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

References (10)

Core 10
Core References

Scores

CVSS v3 7.5
EPSS 0.0129
EPSS Percentile 79.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-119
Status published
Products (12)
apache/hadoop 2.0.0 (2 CPE variants)
apache/hadoop 2.0.1 (2 CPE variants)
apache/hadoop 2.0.2 (2 CPE variants)
apache/hadoop 2.0.3 (2 CPE variants)
apache/hadoop 2.0.4 (2 CPE variants)
apache/hadoop 2.0.5 (2 CPE variants)
apache/hadoop 2.0.6 (2 CPE variants)
apache/hadoop 2.1.0 (2 CPE variants)
apache/hadoop 2.1.1 beta
apache/hadoop 3.0.0 (6 CPE variants)
... and 2 more
Published Oct 04, 2019
Tracked Since Feb 18, 2026