Bug 13350

Summary: [CVE 21] zookeeper 3.4.9 CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED WONTFIX
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: m.novosyolov, s.matveev, y.tumanov
Version: All
Target Milestone: ---
Hardware: All
OS: Linux
URL: CVE-2017-5637,
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-05-03 19:03:22 MSK
Please patch CVEs for package zookeeper version 3.4.9  
INFO (CVEs are): zookeeper 3.4.9 cves found
CVE-2017-5637
Desc: Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-5637
Severity: HIGH

Comment 1 Mikhail Novosyolov 2023-05-15 15:46:25 MSK
For now we will not fix the CVEs in this package, because it is not widely used and closing them is difficult.