oss-sec mailing list archives

CVE-2025-27821: HDFS native client: Out of bounds write in URI parser of native HDFS client


From: Chris Nauroth <cnauroth () apache org>
Date: Fri, 23 Jan 2026 18:45:29 +0000

Severity: moderate 

Affected versions:

- HDFS native client (org.apache.hadoop:hadoop-hdfs-native-client) 3.2.0 before 3.4.2

Description:

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.

This issue affects Apache Hadoop: from 3.2.0 before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

This issue is being tracked as HDFS-17754 

Credit:

BUI Ngoc Tan (reporter)

References:

https://hadoop.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-27821
https://issues.apache.org/jira/browse/HDFS-17754

