1. Home
  2. CVE Database
  3. CVE-2017-5637
HIGH · 7.5

CVE-2017-5637

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client r...

Vulnerability Description

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
ApacheZookeeper3.4.0
DebianDebian Linux8.0

Related Weaknesses (CWE)

CWE-306CWE-400

References

FAQ

What is CVE-2017-5637?

CVE-2017-5637 is a vulnerability with a CVSS score of 7.5 (HIGH). Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client r...

How severe is CVE-2017-5637?

CVE-2017-5637 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5637?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Zookeeper, Debian Debian Linux.