High severityNVD Advisory· Published Jul 12, 2012· Updated Jun 16, 2026
CVE-2012-3376
CVE-2012-3376
Description
DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hadoop:hadoop-clientMaven | >= 2.0.0-alpha, < 2.0.1-alpha | 2.0.1-alpha |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-qmh2-h7r6-gm6qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-3376ghsaADVISORY
- archives.neohapsis.com/archives/bugtraq/2012-07/0049.htmlnvdWEB
- seclists.org/fulldisclosure/2012/Jul/78ghsaWEB
- www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.htmlnvdWEB
- www.securityfocus.com/bid/54358nvd
News mentions
0No linked articles in our index yet.