Описание
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.4.10-3 |
| cosmic | not-affected | 3.4.10-3 |
| devel | not-affected | 3.4.10-3 |
| disco | not-affected | 3.4.10-3 |
| eoan | not-affected | 3.4.10-3 |
| esm-apps/bionic | not-affected | 3.4.10-3 |
| esm-apps/focal | not-affected | 3.4.10-3 |
| esm-apps/jammy | not-affected | 3.4.10-3 |
| esm-apps/xenial | released | 3.4.8-1ubuntu0.1~esm1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Two four letter word commands "wchp/wchc" are CPU intensive and could ...
Uncontrolled Resource Consumption in Apache ZooKeeper
Уязвимость реализации команды wchp/wchc централизованной службы для поддержки информации о конфигурации, именования, обеспечения распределенной синхронизации и предоставления групповых служб Apache ZooKeeper, связанная с отсутствием аутентификации для критичной функции, позволяющая нарушителю, действующему удалённо, вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3