CVE-2017-5637 — Vulnetix

CVE-2017-5637 PUBLISHED

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

EPSS 17.45% · 95.2th percentile

Risk Scores

EPSS Score

17.45%

95.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:14.04:LTS	zookeeper	0, 3.4.5+dfsg-1
Ubuntu:Pro:16.04:LTS	zookeeper	0, 3.4.6-8, 3.4.7-1

Exploit Intelligence

[dev] 20171009 [SECURITY] CVE-2017-5637: DOS attack on wchp/wchc four letter words (4lw) (cve.org)

Timeline

Oct 10, 2017 CVE Published
Oct 3, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jul 21, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
May 2, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Jan 8, 2023 EPSS Score
Mar 11, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2017-5637 third-party-advisory
https://issues.apache.org/jira/browse/ZOOKEEPER-2693 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-5637 third-party-advisory
https://ubuntu.com/security/notices/USN-4789-1 vendor-advisory

Open in Interactive Console →