{"id":"CVE-2016-5017","details":"Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the \"cmd:\" batch mode syntax, allows attackers to have unspecified impact via a long command string.","modified":"2026-04-16T06:24:16.681491475Z","published":"2016-09-21T14:25:12.080Z","references":[{"type":"WEB","url":"https://git-wip-us.apache.org/repos/asf?p=zookeeper.git%3Ba=commitdiff%3Bh=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4b743f407244294f316325458ccaabfce9cd70ca3a6423dbe574035c%40%3Cnotifications.dubbo.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/93044"},{"type":"WEB","url":"https://git-wip-us.apache.org/repos/asf?p=zookeeper.git%3Ba=commitdiff%3Bh=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a"},{"type":"WEB","url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"type":"WEB","url":"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"},{"type":"ADVISORY","url":"https://zookeeper.apache.org/security.html#CVE-2016-5017"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/09/17/3"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/zookeeper","events":[{"introduced":"0"},{"last_affected":"e0d8cb65658fa8b56c4c0eec5dd8044e7ac4fb7f"},{"introduced":"0"},{"last_affected":"22dd197a0327eef989feaf2109e5e7371624f743"},{"introduced":"0"},{"last_affected":"59adfa23fb6c1b9034283d6fc09cd7a4a8e6e0b1"},{"introduced":"0"},{"last_affected":"3f572f0a3568ad21d7a1175ecde007b222c74cf4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.8"},{"introduced":"0"},{"last_affected":"3.5.0"},{"introduced":"0"},{"last_affected":"3.5.1"},{"introduced":"0"},{"last_affected":"3.5.2"}]}}],"versions":["release-3.4.8","release-3.4.8-rc0","release-3.5.0","release-3.5.0-rc0","release-3.5.1","release-3.5.1-rc4","release-3.5.2","release-3.5.2-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5017.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}