CVE-2017-5637
HIGH 7.5 · EPSS 17.4% · zookeeper - security update
Published: 2022/5/13 · Modified: 2026/4/28
Description
Two four-letter-word commands, "wchp" and "wchc", are CPU intensive and, if abused, can cause a spike in CPU utilization on an Apache ZooKeeper server, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 is affected by this issue; it is fixed in 3.4.10, 3.5.3, and later.
Affected packages (4)
- Debian/zookeeper: from 0, < 3.4.9-3
- Debian/zookeeper: from 0, < 3.4.5+dfsg-2+deb7u1
- Debian/zookeeper: from 0, < 3.4.5+dfsg-2+deb8u2
- Maven/org.apache.zookeeper:zookeeper: >= 3.4.0, < 3.4.10
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (14)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-5637
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2017-5637
- WEB https://access.redhat.com/errata/RHSA-2017:2477
- WEB https://access.redhat.com/errata/RHSA-2017:3354
- WEB https://access.redhat.com/errata/RHSA-2017:3355
- WEB https://issues.apache.org/jira/browse/ZOOKEEPER-2693
- WEB https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E
- WEB https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
- WEB https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
- WEB https://www.oracle.com/security-alerts/cpujul2020.html
- WEB https://www.oracle.com//security-alerts/cpujul2021.html
- WEB http://www.debian.org/security/2017/dsa-3871
- WEB http://www.securityfocus.com/bid/98814