High severityOSV Advisory· Published Jan 26, 2026· Updated Jan 26, 2026
HDFS native client: Out of bounds write in URI parser of native HDFS client
CVE-2025-27821
Description
Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.
This issue affects Apache Hadoop: from 3.2.0 before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hadoop:hadoop-hdfs-native-clientMaven | >= 3.2.0, < 3.4.2 | 3.4.2 |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-92cc-952p-v8rhghsaADVISORY
- lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplhghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2025-27821ghsaADVISORY
- www.openwall.com/lists/oss-security/2026/01/23/7ghsaWEB
- github.com/apache/hadoop/commit/2b32e46f666c7645f5d1e026be3982b99319ccb8ghsaWEB
- github.com/apache/hadoop/pull/7481ghsaWEB
- issues.apache.org/jira/browse/HDFS-17754ghsaWEB
News mentions
0No linked articles in our index yet.