Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03Y3dqLWozMzMteDdmN83vMQ

Uncontrolled Resource Consumption in Apache ZooKeeper

The two four-letter-word commands "wchp" and "wchc" are CPU intensive and, if abused, can cause a spike in CPU utilization on an Apache ZooKeeper server, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 is affected by this issue; it is fixed in 3.4.10, 3.5.3, and later.

Permalink: https://github.com/advisories/GHSA-7cwj-j333-x7f7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03Y3dqLWozMzMteDdmN83vMQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-7cwj-j333-x7f7, CVE-2017-5637
Blast Radius: 34.0

Affected Packages

maven:org.apache.zookeeper:zookeeper
Dependent packages: 1,830
Dependent repositories: 34,172
Affected Version Ranges: >= 3.5.0, <= 3.5.2; >= 3.4.0, <= 3.4.9
Fixed in: 3.5.3, 3.4.10
All affected versions: 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9
All unaffected versions: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.9.0, 3.9.1, 3.9.2