CVE-2017-7687

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.08 % (33^th)

Affected Products 1

Advisories 1

When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2017-09-29 01:34:50
(7 years ago)
Updated Date: 2023-11-07 02:50:15
(10 months ago)

Affected Products

Apache

Mesos

Configuration #1

	CPE23	Up To
Apache Mesos 1.1.2 and prior versions	cpe:2.3:a:apache:mesos	<= 1.1.2
Apache Mesos 1.2.0	cpe:2.3:a:apache:mesos:1.2.0
Apache Mesos 1.2.1	cpe:2.3:a:apache:mesos:1.2.1
Apache Mesos 1.3.0	cpe:2.3:a:apache:mesos:1.3.0
Apache Mesos 1.3.1	cpe:2.3:a:apache:mesos:1.3.1
Apache Mesos 1.4.0-dev	cpe:2.3:a:apache:mesos:1.4.0-dev