| Summary: | <sys-cluster/zookeeper-bin-3.4.10: DOS attack on wchp/wchc four letter words (CVE-2017-5637) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Volkan <vBugZilla> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | cluster, patrick |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://issues.apache.org/jira/browse/ZOOKEEPER-2693 | ||
| See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1454808 | ||
| Whiteboard: | ~3 [noglsa cve] | ||
| Package list: | Runtime testing required: | --- | |
Package was never stabilized; Fixed version already in repository. @ Maintainer(s): Please cleanup and drop =sys-cluster/zookeeper-bin-3.4.9! |
Vulnerable versions {3.4.0, 3.5.1, 3.5.2} are not in tree. Upstream states vulnerability is fixed in versions 3.4.10(in tree), 3.5.3, 3.6.0 Incorrect input validation with wchp/wchc four letter words. Two four letter word commands “wchp/wchc” are CPU intensive and could cause spike of CPU utilization on ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Upstream issue: https://issues.apache.org/jira/browse/ZOOKEEPER-2693 References: https://vulners.com/exploitdb/EDB-ID:41277