DEBIAN-CVE-2017-5637

DEBIAN-CVE-2017-5637 PUBLISHED CVSS 7.5 HIGH

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	zookeeper	0, 0, 0
Debian:12	zookeeper	0, 0, 0
Debian:13	zookeeper	0, 0, 0
Debian:11	zookeeper	0, 0, 0

Timeline

Oct 10, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-5637 advisory

Open in Interactive Console →