CVE-2017-5637

high

Apache

CVSS v3 Base Score

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

17.4%

Exploitation probability in 30 days

Top 5% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

None

Availability

High

Published: October 10, 2017 (3139 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

CWE

CWE-306

Affected Products

apache zookeeperdebian debian linux

References

🔗 www.debian.org 🔗 www.securityfocus.com 🔗 access.redhat.com 🔗 access.redhat.com 🔗 access.redhat.com

CVE-2017-5637

Vulnerability Report

Description

CWE

Affected Products

References