[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-5017Date: (C)2016-09-26   (M)2023-12-22


Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.1CVSS Score : 6.8
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-93044
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/r4b743f407244294f316325458ccaabfce9cd70ca3a6423dbe574035c%40%3Cnotifications.dubbo.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
http://www.openwall.com/lists/oss-security/2016/09/17/3
http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html
https://git-wip-us.apache.org/repos/asf?p=zookeeper.git%3Ba=commitdiff%3Bh=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
https://git-wip-us.apache.org/repos/asf?p=zookeeper.git%3Ba=commitdiff%3Bh=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://zookeeper.apache.org/security.html#CVE-2016-5017

CPE    4
cpe:/a:apache:zookeeper:3.5.2
cpe:/a:apache:zookeeper:3.5.1
cpe:/a:apache:zookeeper:3.5.0
cpe:/a:apache:zookeeper
...
CWE    1
CWE-119
OVAL    3
oval:org.secpod.oval:def:111830
oval:org.secpod.oval:def:111819
oval:org.secpod.oval:def:1900923

© SecPod Technologies