PT-2017-17886 · Apache · Apache Mesos

Published 2017-09-28 · Updated 2022-05-13 · CVE-2017-7687

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache Mesos versions prior to 1.1.3
Apache Mesos versions 1.2.x prior to 1.2.2
Apache Mesos versions 1.3.x prior to 1.3.1
Apache Mesos version 1.4.0-dev

Description

The issue arises when handling a decoding failure for a malformed URL path of an HTTP request. This can cause libprocess in Apache Mesos to crash due to the code accidentally calling an inappropriate function. As a result, a malicious actor can cause a denial of service of Mesos masters, rendering the Mesos-controlled cluster inoperable.

Recommendations

For Apache Mesos versions prior to 1.1.3, update to version 1.1.3 or later.
For Apache Mesos versions 1.2.x prior to 1.2.2, update to version 1.2.2 or later.
For Apache Mesos versions 1.3.x prior to 1.3.1, update to version 1.3.1 or later.
For Apache Mesos version 1.4.0-dev, update to a stable version that includes the fix.
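
The affected ranges and recommendations above can be applied to a version inventory with a small check. This is an added example, not part of the advisory or of Apache Mesos; the host names are constructed, and treating a pre-release build (for example 1.2.2-rc1) as older than its release is a conservative assumption made here.

```python
import re

# First fixed release per branch, taken from the advisory text.
FIXED = {(1, 2): (1, 2, 2), (1, 3): (1, 3, 1)}
OLDEST_FIX = (1, 1, 3)  # every version prior to 1.1.3 is affected

def parse(version):
    """Split 'X.Y.Z[-suffix]' into ((X, Y, Z), suffix); raise on anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)

def assess(version):
    """Return (affected, advice) for one reported Mesos version."""
    release, suffix = parse(version)
    if release == (1, 4, 0) and suffix == "dev":
        return True, "update to a stable version that includes the fix"
    # Assumption: a pre-release build sorts before the release it precedes.
    key = (release, 0 if suffix else 1)
    if key < (OLDEST_FIX, 1):
        return True, "update to 1.1.3 or later"
    fixed = FIXED.get(release[:2])
    if fixed and key < (fixed, 1):
        return True, "update to %d.%d.%d or later" % fixed
    return False, "not in the affected ranges listed in the advisory"

def triage(inventory):
    """Map host -> advice for every host whose version is affected."""
    findings = {}
    for host, version in inventory.items():
        affected, advice = assess(version)
        if affected:
            findings[host] = f"{version}: {advice}"
    return findings

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = {
    "master-a.example": "1.1.2",
    "master-b.example": "1.2.2",
    "master-c.example": "1.3.0",
    "master-d.example": "1.4.0-dev",
}

if __name__ == "__main__":
    for host, note in sorted(triage(SAMPLE).items()):
        print(host, note)
```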

Fix

Related Identifiers

CVE-2017-7687
GHSA-X869-784M-JMJ2

Affected Products

Apache Mesos