CVE-2018-11768

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E
https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E
https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:hadoop::::::::
	cpe:2.3:a:apache:hadoop::::::::
	cpe:2.3:a:apache:hadoop::::::::
	cpe:2.3:a:apache:hadoop::::::::
	cpe:2.3:a:apache:hadoop:2.0.0:-::::::
	cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::
	cpe:2.3:a:apache:hadoop:2.0.1:-::::::
	cpe:2.3:a:apache:hadoop:2.0.1:alpha::::::
	cpe:2.3:a:apache:hadoop:2.0.2:-::::::
	cpe:2.3:a:apache:hadoop:2.0.2:alpha::::::
	cpe:2.3:a:apache:hadoop:2.0.3:-::::::
	cpe:2.3:a:apache:hadoop:2.0.3:alpha::::::
	cpe:2.3:a:apache:hadoop:2.0.4:-::::::
	cpe:2.3:a:apache:hadoop:2.0.4:alpha::::::
	cpe:2.3:a:apache:hadoop:2.0.5:-::::::
	cpe:2.3:a:apache:hadoop:2.0.5:alpha::::::
	cpe:2.3:a:apache:hadoop:2.0.6:-::::::
	cpe:2.3:a:apache:hadoop:2.0.6:alpha::::::
	cpe:2.3:a:apache:hadoop:2.1.0:-::::::
	cpe:2.3:a:apache:hadoop:2.1.0:beta::::::
	cpe:2.3:a:apache:hadoop:2.1.1:beta::::::
	cpe:2.3:a:apache:hadoop:3.0.0:-::::::
	cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
	cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
	cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
	cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
	cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::

History

07 Nov 2023, 02:51

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E', 'name': '[lucene-dev] 20191031 RE: CVE-2018-11768 in regards to Solr', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E', 'name': '[hadoop-hdfs-dev] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E', 'name': '[hadoop-hdfs-dev] 20191006 Re: CVE-2018-11768: HDFS FSImage Corruption', 'tags': ['Issue Tracking', 'Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E', 'name': '[lucene-dev] 20191029 CVE-2018-11768 in regards to Solr', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E', 'name': '[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E', 'name': '[lucene-dev] 20191029 Re: CVE-2018-11768 in regards to Solr', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E', 'name': '[hadoop-hdfs-dev] 20191004 Re: CVE-2018-11768: HDFS FSImage Corruption', 'tags': ['Issue Tracking', 'Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E', 'name': '[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E', 'name': '[hadoop-general] 20191004 Re:CVE-2018-11768: HDFS FSImage Corruption', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E', 'name': 'https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MISC'}	() https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E - () https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E - () https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E - () https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E - () https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E - () https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E - () https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E - () https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E - () https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E - () https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E -

Information

Published : 2019-10-04 14:15

Updated : 2023-12-10 13:13

NVD link : CVE-2018-11768

Mitre link : CVE-2018-11768

CVE.ORG link : CVE-2018-11768

JSON object : View

Products Affected

apache

hadoop

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-11768

7.5^/10

5.0^/10

Attach tags to `CVE-2018-11768`