CVE-2018-11768

EPSS 3.49%
Published 04.10.2019 14:15:10
Last modified 21.11.2024 03:43:59
Source security@apache.org
Teams watchlist Login
Open Login

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

Affected products Warnungen 0 Metrics 3 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Hadoop Version >= 2.2.0 <= 2.8.4

Apache ≫ Hadoop Version >= 2.9.0 <= 2.9.1

Apache ≫ Hadoop Version >= 3.0.1 <= 3.0.3

Apache ≫ Hadoop Version >= 3.1.0 <= 3.1.1

Apache ≫ Hadoop Version2.0.0 Update-

Apache ≫ Hadoop Version2.0.0 Updatealpha

Apache ≫ Hadoop Version2.0.1 Update-

Apache ≫ Hadoop Version2.0.1 Updatealpha

Apache ≫ Hadoop Version2.0.2 Update-

Apache ≫ Hadoop Version2.0.2 Updatealpha

Apache ≫ Hadoop Version2.0.3 Update-

Apache ≫ Hadoop Version2.0.3 Updatealpha

Apache ≫ Hadoop Version2.0.4 Update-

Apache ≫ Hadoop Version2.0.4 Updatealpha

Apache ≫ Hadoop Version2.0.5 Update-

Apache ≫ Hadoop Version2.0.5 Updatealpha

Apache ≫ Hadoop Version2.0.6 Update-

Apache ≫ Hadoop Version2.0.6 Updatealpha

Apache ≫ Hadoop Version2.1.0 Update-

Apache ≫ Hadoop Version2.1.0 Updatebeta

Apache ≫ Hadoop Version2.1.1 Updatebeta

Apache ≫ Hadoop Version3.0.0 Update-

Apache ≫ Hadoop Version3.0.0 Updatealpha1

Apache ≫ Hadoop Version3.0.0 Updatealpha2

Apache ≫ Hadoop Version3.0.0 Updatealpha3

Apache ≫ Hadoop Version3.0.0 Updatealpha4

Apache ≫ Hadoop Version3.0.0 Updatebeta1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.49%	0.872

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E

https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E

https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E

https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E

https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E

https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E

https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E

https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E

https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2018-11768

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-11768

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-11768

EUVD