Document zookeeper issue

1 files changed, 26 insertions, 0 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index db843503f41d..a5bf42950970 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,32 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="af61b271-9e47-4db0-a0f6-29fb032236a3">
+    <topic>zookeeper -- Denial Of Service</topic>
+    <affects>
+      <package>
+	<name>zookeeper</name>
+	<range><lt>3.4.10</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>zookeeper developers report:</p>
+	<blockquote cite="https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E">
+	  <p>Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E</url>
+      <cvename>CVE-2017-5637</cvename>
+    </references>
+    <dates>
+      <discovery>2017-10-09</discovery>
+      <entry>2017-10-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="9b5a905f-e556-452f-a00c-8f070a086181">
     <topic>libtiff -- Improper Input Validation</topic>
     <affects>