High severity 7.5 · NVD Advisory · Published Oct 10, 2017 · Updated Jun 17, 2026
CVE-2017-5637
Description
Two four-letter-word commands, "wchp" and "wchc", are CPU intensive and, if abused, can cause a spike in CPU utilization on an Apache ZooKeeper server, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 is affected; the issue is fixed in 3.4.10, 3.5.3, and later.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.zookeeper:zookeeper (Maven) | >= 3.4.0, < 3.4.10 | 3.4.10 |
| org.apache.zookeeper:zookeeper (Maven) | >= 3.5.0, < 3.5.3 | 3.5.3 |
Affected products
- cpe:2.3:a:apache:zookeeper:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:zookeeper:3.5.2:*:*:*:*:*:*:*
- (no CPE) range: 3.4.0 to 3.4.9
References
- www.debian.org/security/2017/dsa-3871 (nvd; Third Party Advisory; WEB)
- www.securityfocus.com/bid/98814 (nvd; Third Party Advisory, VDB Entry; WEB)
- github.com/advisories/GHSA-7cwj-j333-x7f7 (ghsa; ADVISORY)
- issues.apache.org/jira/browse/ZOOKEEPER-2693 (nvd; Issue Tracking, Mitigation, Vendor Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2017-5637 (ghsa; ADVISORY)
- access.redhat.com/errata/RHSA-2017:2477 (nvd; WEB)
- access.redhat.com/errata/RHSA-2017:3354 (nvd; WEB)
- access.redhat.com/errata/RHSA-2017:3355 (nvd; WEB)
- lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E (ghsa; WEB)
- lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E (ghsa; WEB)
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E (ghsa; WEB)
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E (ghsa; WEB)
- www.oracle.com//security-alerts/cpujul2021.html (nvd; WEB)
- www.oracle.com/security-alerts/cpujul2020.html (nvd; WEB)
- lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E (nvd)
- lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370%40%3Cdev.zookeeper.apache.org%3E (nvd)
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E (nvd)
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E (nvd)