CVE-2016-5017

HIGH

Apache ZooKeeper < 3.4.9 and 3.5.x < 3.5.3 - Buffer Overflow via C CLI Shell Batch Mode

Title source: llm
STIX 2.1

Description

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93044
Release Notes, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/17/3
Vendor Advisory x_refsource_confirm
https://zookeeper.apache.org/security.html#CVE-2016-5017
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html

Scores

CVSS v3 8.1
EPSS 0.0611
EPSS Percentile 90.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (4)
apache/zookeeper 3.5.0
apache/zookeeper 3.5.1
apache/zookeeper 3.5.2
apache/zookeeper < 3.4.8
Published Sep 21, 2016
Tracked Since Feb 18, 2026