CVE-2017-5637

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5637

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5637.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-5637

Aliases

GHSA-7cwj-j333-x7f7

Related

Published

2017-10-10T01:30:22Z

Modified

2024-09-11T02:00:05Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

References

Affected packages

Debian:11 / zookeeper

Package

Name: zookeeper
Purl: pkg:deb/debian/zookeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.9-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / zookeeper

Package

Name: zookeeper
Purl: pkg:deb/debian/zookeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.9-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / zookeeper

Package

Name: zookeeper
Purl: pkg:deb/debian/zookeeper?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.9-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/zookeeper

Affected ranges

Type: GIT
Repo: https://github.com/apache/zookeeper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1285c982c0d6c1621cbc40343679b8f3f05978cb

Last affected

207a838684634327f272eeed0e67eb681db7f1aa

Last affected

2109aca0fa091222434a8895e2533a26b770ad05

Last affected

22dd197a0327eef989feaf2109e5e7371624f743

Last affected

3f572f0a3568ad21d7a1175ecde007b222c74cf4

Last affected

5963ae5a9d1ce53915ffd5855c1f6b20317631d2

Last affected

59adfa23fb6c1b9034283d6fc09cd7a4a8e6e0b1

Last affected

6182d6b97793d6ade69fdbf640b426f672fa3c0c

Last affected

b06fee00646549f7616ee0f48f20a7e7da5844af

Last affected

b3119273f9a16274ed9e1f87418a765b130e1063

Last affected

e0d8cb65658fa8b56c4c0eec5dd8044e7ac4fb7f

Last affected

f0b33bd9064bce87b029690b82b26b192bde8eba

Last affected

f1c2e3ad35128d766e30e05350c95d6362b2d2cc