CVE-2018-11768

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

CVSS v2.0 5

5^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

CVSS v3.0 7.5 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E	Issue Tracking Mailing List
https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E	Issue Tracking Mailing List
https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E

Configurations

Configuration 1

cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:3.0.0:-:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.1:-:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.2:-:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.3:-:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.4:-:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.5:-:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.6:-:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.1.0:-:*:*:*:*:*:*

cpe:2.3:a:apache:hadoop:2.0.0:-:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2019-10-04 02:15

Updated : 2020-08-06 02:15

NVD link : CVE-2018-11768

Mitre link : CVE-2018-11768

Products Affected

No products.

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2018-11768

5 /10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5^/10

7.5^/10