| Vulnerability Name: | CVE-2016-5017 (CCN-116995) |
| Assigned: | 2016-09-16 |
| Published: | 2016-09-16 |
| Updated: | 2021-11-17 |
| Summary: | Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. |
| CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) |
| | 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| | 6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-119 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2016-5017 |
| | Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html |
| | Source: CCN Type: Full-Disclosure Mailing List, Fri, 16 Sep 2016 19:17:17 +0100 [SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell |
| | Source: MLIST Type: Release Notes, Third Party Advisory [oss-security] 20160916 [SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell |
| | Source: BID Type: UNKNOWN 93044 |
| | Source: XF Type: UNKNOWN zookeeper-cve20165017-bo(116995) |
| | Source: CONFIRM Type: Patch https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f |
| | Source: CONFIRM Type: Patch https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a |
| | Source: MLIST Type: UNKNOWN [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar |
| | Source: MLIST Type: UNKNOWN [nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html |
| | Source: MLIST Type: UNKNOWN [dubbo-notifications] 20211101 [GitHub] [dubbo] AlbumenJ opened a new issue #9177: Upgrade Zookeeper dependency |
| | Source: MLIST Type: UNKNOWN [nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html |
| | Source: CONFIRM Type: UNKNOWN https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html |
| | Source: CCN Type: IBM Security Bulletin 1992040 (eDiscovery Analyzer) Open Source Apache Zookeeper Vulnerabilities in IBM eDiscovery Analyzer |
| | Source: CCN Type: IBM Security Bulletin 6491163 (Planning Analytics) IBM Planning Analytics Workspace is affected by security vulnerabilities |
| | Source: MISC Type: UNKNOWN https://www.oracle.com/security-alerts/cpujul2020.html |
| | Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-5017 |
| | Source: CCN Type: Apache Web Site CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell |
| | Source: CONFIRM Type: Vendor Advisory https://zookeeper.apache.org/security.html#CVE-2016-5017 |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |