CVE-2017-5637

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 4.54 % (93^th)

Affected Products 2

Advisories 5

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

Weaknesses

CWE-306: Missing Authentication for Critical Function
CWE-400: Uncontrolled Resource Consumption

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2017-10-10 01:30:22
(7 years ago)
Updated Date: 2023-11-07 02:49:27
(10 months ago)

Affected Products

Apache

Zookeeper

Debian

Debian Linux

Configuration #1

		CPE23	From	Up To
	Apache Zookeeper 3.4.0	cpe:2.3:a:apache:zookeeper:3.4.0
	Apache Zookeeper 3.4.1	cpe:2.3:a:apache:zookeeper:3.4.1
	Apache Zookeeper 3.4.2	cpe:2.3:a:apache:zookeeper:3.4.2
	Apache Zookeeper 3.4.3	cpe:2.3:a:apache:zookeeper:3.4.3
	Apache Zookeeper 3.4.4	cpe:2.3:a:apache:zookeeper:3.4.4
	Apache Zookeeper 3.4.5	cpe:2.3:a:apache:zookeeper:3.4.5
	Apache Zookeeper 3.4.6	cpe:2.3:a:apache:zookeeper:3.4.6
	Apache Zookeeper 3.4.7	cpe:2.3:a:apache:zookeeper:3.4.7
	Apache Zookeeper 3.4.8	cpe:2.3:a:apache:zookeeper:3.4.8
	Apache Zookeeper 3.4.9	cpe:2.3:a:apache:zookeeper:3.4.9
	Apache Zookeeper 3.5.0	cpe:2.3:a:apache:zookeeper:3.5.0
	Apache Zookeeper 3.5.1	cpe:2.3:a:apache:zookeeper:3.5.1
	Apache Zookeeper 3.5.2	cpe:2.3:a:apache:zookeeper:3.5.2

Configuration #2

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0