{"id":"CVE-2017-5637","details":"Two four letter word commands \"wchp/wchc\" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.","aliases":["GHSA-7cwj-j333-x7f7"],"modified":"2026-04-10T04:02:35.731192Z","published":"2017-10-10T01:30:22.360Z","related":["SUSE-SU-2020:1066-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370%40%3Cdev.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98814"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2477"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3354"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3871"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3355"},{"type":"REPORT","url":"https://issues.apache.org/jira/browse/ZOOKEEPER-2693"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/zookeeper","events":[{"introduced":"0"},{"last_affected":"2109aca0fa091222434a8895e2533a26b770ad05"},{"introduced":"0"},{"last_affected":"5963ae5a9d1ce53915ffd5855c1f6b20317631d2"},{"introduced":"0"},{"last_affected":"207a838684634327f272eeed0e67eb681db7f1aa"},{"introduced":"0"},{"last_affected":"b06fee00646549f7616ee0f48f20a7e7da5844af"},{"introduced":"0"},{"last_affected":"f0b33bd9064bce87b029690b82b26b192bde8eba"},{"introduced":"0"},{"last_affected":"f1c2e3ad35128d766e30e05350c95d6362b2d2cc"},{"introduced":"0"},{"last_affected":"1285c982c0d6c1621cbc40343679b8f3f05978cb"},{"introduced":"0"},{"last_affected":"b3119273f9a16274ed9e1f87418a765b130e1063"},{"introduced":"0"},{"last_affected":"e0d8cb65658fa8b56c4c0eec5dd8044e7ac4fb7f"},{"introduced":"0"},{"last_affected":"6182d6b97793d6ade69fdbf640b426f672fa3c0c"},{"introduced":"0"},{"last_affected":"22dd197a0327eef989feaf2109e5e7371624f743"},{"introduced":"0"},{"last_affected":"59adfa23fb6c1b9034283d6fc09cd7a4a8e6e0b1"},{"introduced":"0"},{"last_affected":"3f572f0a3568ad21d7a1175ecde007b222c74cf4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.0"},{"introduced":"0"},{"last_affected":"3.4.1"},{"introduced":"0"},{"last_affected":"3.4.2"},{"introduced":"0"},{"last_affected":"3.4.3"},{"introduced":"0"},{"last_affected":"3.4.4"},{"introduced":"0"},{"last_affected":"3.4.5"},{"introduced":"0"},{"last_affected":"3.4.6"},{"introduced":"0"},{"last_affected":"3.4.7"},{"introduced":"0"},{"last_affected":"3.4.8"},{"introduced":"0"},{"last_affected":"3.4.9"},{"introduced":"0"},{"last_affected":"3.5.0"},{"introduced":"0"},{"last_affected":"3.5.1"},{"introduced":"0"},{"last_affected":"3.5.2"}]}}],"versions":["release-3.4.0","release-3.4.0-rc2","release-3.4.1","release-3.4.1-rc0","release-3.4.2","release-3.4.2-rc0","release-3.4.3","release-3.4.3-rc0","release-3.4.4","release-3.4.4-rc0","release-3.4.5","release-3.4.5-rc1","release-3.4.6","release-3.4.6-rc0","release-3.4.7","release-3.4.7-rc0","release-3.4.8","release-3.4.8-rc0","release-3.4.9","release-3.4.9-rc2","release-3.5.0","release-3.5.0-rc0","release-3.5.1","release-3.5.1-rc4","release-3.5.2","release-3.5.2-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5637.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}