Buffer overflow in the C CLI shell in Apache ZooKeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.
http://www.openwall.com/lists/oss-security/2016/09/17/3
http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html
https://zookeeper.apache.org/security.html#CVE-2016-5017
http://www.securityfocus.com/bid/93044
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
https://lists.apache.org/thread.html/[email protected]%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.nifi.apache.org%3E
https://www.oracle.com/security-alerts/cpujul2020.html
https://lists.apache.org/thread.html/[email protected]%3Cnotifications.dubbo.apache.org%3E
Source: MITRE
Published: 2016-09-21
Updated: 2021-11-17
Type: CWE-119
CVSS v2 Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0 Base Score: 8.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.2
Severity: HIGH