CVE-2017-5637
zookeeper - security update
CVSS 3.1: 7.5 (HIGH)
EPSS: 17.4%
Description
Two four-letter-word commands, "wchp" and "wchc", are CPU intensive and, if abused, can cause a spike in CPU utilization on an Apache ZooKeeper server, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 is affected by this issue; it is fixed in 3.4.10, 3.5.3, and later.
How to fix CVE-2017-5637
To remediate CVE-2017-5637, upgrade the affected package to one of the fixed versions below.
- upgrade to 3.4.9-3 or later
- upgrade to 3.4.5+dfsg-2+deb7u1 or later
- upgrade to 3.4.5+dfsg-2+deb8u2 or later
- upgrade to 3.4.10 or later
Is CVE-2017-5637 being exploited?
Moderate: EPSS is 17.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 3.4.9-3
- from 0, < 3.4.5+dfsg-2+deb7u1
- from 0, < 3.4.5+dfsg-2+deb8u2
- >= 3.4.0, < 3.4.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |