FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zookeeper -- Denial Of Service

Affected packages
zookeeper < 3.4.10

Details

VuXML ID af61b271-9e47-4db0-a0f6-29fb032236a3
Discovery 2017-10-09
Entry 2017-10-10

zookeeper developers report:

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

[source]

References

CVE Name CVE-2017-5637
URL https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.