CVE-2016-5017
Published: 21 September 2016
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.
From the Ubuntu Security Team
It was discovered that Apache ZooKeeper incorrectly handled certain inputs. An attacker could possibly use this issue to cause unspecified impact.
Priority
Status
Package | Release | Status |
---|---|---|
zookeeper (Launchpad, Ubuntu, Debian) | eoan | Not vulnerable |
zookeeper | artful | Ignored (end of life) |
zookeeper | bionic | Not vulnerable |
zookeeper | cosmic | Not vulnerable |
zookeeper | disco | Not vulnerable |
zookeeper | focal | Not vulnerable |
zookeeper | groovy | Not vulnerable |
zookeeper | impish | Not vulnerable |
zookeeper | precise | Ignored (end of life) |
zookeeper | upstream | Released (3.4.9-1) |
zookeeper | yakkety | Ignored (end of life) |
zookeeper | zesty | Ignored (end of life) |
zookeeper | jammy | Not vulnerable |
zookeeper | hirsute | Not vulnerable |
zookeeper | trusty | Released (3.4.5+dfsg-1ubuntu0.1~esm1). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
zookeeper | xenial | Released (3.4.8-1ubuntu0.1~esm1). Available with Ubuntu Pro |

Patches: upstream: https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.1 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |