CVE-2017-5637 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-5637 PUBLISHED

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

EPSS 17.45% · 95.0th percentile

Risk Scores

EPSS Score

17.45%

95.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:14.04:LTS	zookeeper	0, 3.4.5+dfsg-1
Ubuntu:Pro:16.04:LTS	zookeeper	0, 3.4.6-8, 3.4.7-1

Timeline

Oct 10, 2017 CVE Published
Oct 3, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-5637 third-party-advisory
https://issues.apache.org/jira/browse/ZOOKEEPER-2693 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-5637 third-party-advisory
https://ubuntu.com/security/notices/USN-4789-1 vendor-advisory

Open in Interactive Console →