FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zookeeper -- Denial Of Service

Affected packages
zookeeper < 3.4.10


VuXML ID af61b271-9e47-4db0-a0f6-29fb032236a3
Discovery 2017-10-09
Entry 2017-10-10

zookeeper developers report:

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.


CVE Name CVE-2017-5637