
CVE-2017-5637

Published: 10 October 2017

The two four-letter-word commands "wchp" and "wchc" are CPU intensive and, if abused, can cause a spike in CPU utilization on an Apache ZooKeeper server, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 is affected by this issue; it is fixed in 3.4.10, 3.5.3, and later.

From the Ubuntu security team

It was discovered that Apache ZooKeeper incorrectly implemented "wchp/wchc" commands. An attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: zookeeper (Launchpad, Ubuntu, Debian)

| Release | Status |
| --- | --- |
| Upstream | Released (3.4.5+dfsg-2+deb8u2, 3.4.9-3) |
| Ubuntu 21.10 (Impish Indri) | Not vulnerable (3.4.10-3) |
| Ubuntu 21.04 (Hirsute Hippo) | Not vulnerable (3.4.10-3) |
| Ubuntu 20.04 LTS (Focal Fossa) | Not vulnerable (3.4.10-3) |
| Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (3.4.10-3) |
| Ubuntu 16.04 ESM (Xenial Xerus) | Ignored (end of standard support, was needed) |
| Ubuntu 14.04 ESM (Trusty Tahr) | Needed |