{"id":"CVE-2017-5637","details":"Two four letter word commands \"wchp/wchc\" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.","aliases":["GHSA-7cwj-j333-x7f7"],"modified":"2026-05-28T04:04:28.344471548Z","published":"2017-10-10T01:30:22.360Z","related":["SUSE-SU-2020:1066-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"8.0"}],"source":"CPE_STRING"}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370%40%3Cdev.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3871"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98814"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2477"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3354"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3355"},{"type":"REPORT","url":"https://issues.apache.org/jira/browse/ZOOKEEPER-2693"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/zookeeper","events":[{"introduced":"0"},{"last_affected":"2109aca0fa091222434a8895e2533a26b770ad05"},{"last_affected":"5963ae5a9d1ce53915ffd5855c1f6b20317631d2"},{"last_affected":"207a838684634327f272eeed0e67eb681db7f1aa"},{"last_affected":"b06fee00646549f7616ee0f48f20a7e7da5844af"},{"last_affected":"f0b33bd9064bce87b029690b82b26b192bde8eba"},{"last_affected":"f1c2e3ad35128d766e30e05350c95d6362b2d2cc"},{"last_affected":"1285c982c0d6c1621cbc40343679b8f3f05978cb"},{"last_affected":"b3119273f9a16274ed9e1f87418a765b130e1063"},{"last_affected":"e0d8cb65658fa8b56c4c0eec5dd8044e7ac4fb7f"},{"last_affected":"6182d6b97793d6ade69fdbf640b426f672fa3c0c"},{"last_affected":"22dd197a0327eef989feaf2109e5e7371624f743"},{"last_affected":"59adfa23fb6c1b9034283d6fc09cd7a4a8e6e0b1"},{"last_affected":"3f572f0a3568ad21d7a1175ecde007b222c74cf4"}],"database_specific":{"cpe":["cpe:2.3:a:apache:zookeeper:3.4.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.1:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.2:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.3:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.4:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.5:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.6:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.7:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.8:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.4.9:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.5.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.5.1:*:*:*:*:*:*:*","cpe:2.3:a:apache:zookeeper:3.5.2:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"3.4.0"},{"last_affected":"3.4.1"},{"last_affected":"3.4.2"},{"last_affected":"3.4.3"},{"last_affected":"3.4.4"},{"last_affected":"3.4.5"},{"last_affected":"3.4.6"},{"last_affected":"3.4.7"},{"last_affected":"3.4.8"},{"last_affected":"3.4.9"},{"last_affected":"3.5.0"},{"last_affected":"3.5.1"},{"last_affected":"3.5.2"}],"source":"CPE_STRING"}}],"versions":["release-3.4.9","release-3.4.9-rc2","release-3.5.2","release-3.5.2-rc1","release-3.4.8","release-3.4.8-rc0","release-3.4.7","release-3.4.7-rc0","release-3.5.1","release-3.5.1-rc4","release-3.5.0","release-3.5.0-rc0","release-3.4.6","release-3.4.6-rc0","release-3.4.5","release-3.4.5-rc1","release-3.4.4","release-3.4.4-rc0","release-3.4.3","release-3.4.3-rc0","release-3.4.2","release-3.4.2-rc0","release-3.4.1","release-3.4.1-rc0","release-3.4.0","release-3.4.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5637.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}