{"id":"GHSA-92cc-952p-v8rh","summary":"Apache Hadoop HDFS Native Client has an Out-of-bounds Write Vulnerability","details":"Out-of-bounds Write vulnerability in the Apache Hadoop HDFS native client.\n\nThis issue affects Apache Hadoop versions from 3.2.0 up to, but not including, 3.4.2.\n\nUsers are advised to upgrade to version 3.4.2, which fixes the issue.","aliases":["CVE-2025-27821"],"modified":"2026-01-26T23:56:32.757755Z","published":"2026-01-26T12:30:27Z","database_specific":{"github_reviewed":true,"severity":"HIGH","github_reviewed_at":"2026-01-26T23:40:20Z","cwe_ids":["CWE-787"],"nvd_published_at":"2026-01-26T10:16:05Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27821"},{"type":"WEB","url":"https://github.com/apache/hadoop/pull/7481"},{"type":"WEB","url":"https://github.com/apache/hadoop/commit/2b32e46f666c7645f5d1e026be3982b99319ccb8"},{"type":"PACKAGE","url":"https://github.com/apache/hadoop"},{"type":"WEB","url":"https://issues.apache.org/jira/browse/HDFS-17754"},{"type":"WEB","url":"https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/01/23/7"}],"affected":[{"package":{"name":"org.apache.hadoop:hadoop-hdfs-native-client","ecosystem":"Maven","purl":"pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.2.0"},{"fixed":"3.4.2"}]}],"versions":["3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.3.0","3.3.1","3.3.2","3.3.3","3.3.4","3.3.5","3.3.6","3.4.0","3.4.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-92cc-952p-v8rh/GHSA-92cc-952p-v8rh.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}