Vulnerable versions {3.4.0, 3.5.1, 3.5.2} are not in tree. Upstream states vulnerability is fixed in versions 3.4.10 (in tree), 3.5.3, 3.6.0.

Incorrect input validation with wchp/wchc four letter words.

Two four letter word commands “wchp/wchc” are CPU intensive and could cause spike of CPU utilization on ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests.

Upstream issue: https://issues.apache.org/jira/browse/ZOOKEEPER-2693

References: https://vulners.com/exploitdb/EDB-ID:41277
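An added example, not part of the original report and not ZooKeeper's own code: a small audit that reads a `zoo.cfg` and reports whether `wchp`/`wchc` are enabled through the `4lw.commands.whitelist` property that the fixed releases honor. The function names and the sample configs are constructed for illustration, and the parser assumes plain `key=value` lines.

```python
FLAGGED = {"wchp", "wchc"}  # the two CPU-intensive commands named in this report
WHITELIST_KEY = "4lw.commands.whitelist"


def parse_cfg(text):
    """Parse key=value lines of a zoo.cfg into a dict (later keys override)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties-style comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return (status, commands) for the whitelist setting.

    status is "unset"   - no whitelist line; the effective default depends on
                          the installed release, so check its documentation
              "exposed" - wchp and/or wchc are enabled (explicitly or via "*")
              "ok"      - a whitelist is set and excludes both commands
    """
    raw = parse_cfg(text).get(WHITELIST_KEY)
    if raw is None:
        return ("unset", set())
    entries = {e.strip() for e in raw.split(",") if e.strip()}
    if "*" in entries:  # "*" enables every four letter word command
        return ("exposed", set(FLAGGED))
    hit = entries & FLAGGED
    return ("exposed", hit) if hit else ("ok", set())


# Constructed sample configurations (not taken from any real deployment).
SAMPLE_EXPOSED = "clientPort=2181\n# monitoring\n4lw.commands.whitelist=stat, ruok, wchc\n"
SAMPLE_WILDCARD = "clientPort=2181\n4lw.commands.whitelist=*\n"
SAMPLE_OK = "clientPort=2181\n4lw.commands.whitelist=srvr,ruok\n"
SAMPLE_UNSET = "clientPort=2181\ndataDir=/var/lib/zookeeper\n"

if __name__ == "__main__":
    for name, cfg in [("exposed", SAMPLE_EXPOSED), ("wildcard", SAMPLE_WILDCARD),
                      ("ok", SAMPLE_OK), ("unset", SAMPLE_UNSET)]:
        status, cmds = audit(cfg)
        print(f"{name}: {status} {sorted(cmds)}")
```

The whitelist only has an effect on releases that contain the upstream fix, so an "ok" result on an older release does not mean the commands are disabled.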
Package was never stabilized; fixed version already in repository. @ Maintainer(s): Please clean up and drop =sys-cluster/zookeeper-bin-3.4.9!
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39cc1bec1e22b7d0dd0db539cf2193ca26c280e9