PT-2016-3454 · Apache · Apache Zookeeper

Published

2016-09-21

·

Updated

2024-08-15

·

CVE-2016-5017

CVSS v3.1

8.1

High

Vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Apache Zookeeper versions before 3.4.9, and 3.5.x versions before 3.5.3
Description The vulnerability is a buffer overflow in the C command-line client (C cli shell) shipped with Apache Zookeeper, triggered when the "cmd:" batch mode syntax is used. The command string that follows "cmd:" is copied into a fixed-size buffer of 1024 bytes without a length check, so a command string longer than 1024 characters overwrites adjacent memory. An attacker who can control that argument can affect the confidentiality, integrity, and availability of protected information. Note that the malicious string must be passed as an argument of the cli tool itself; in practice this means exploitation requires a wrapper script, automation, or another caller that forwards untrusted input into the "cmd:" argument, which is reflected in the high attack complexity of the CVSS vector.
Recommendations For Apache Zookeeper versions before 3.4.9, update to version 3.4.9 or later. For Apache Zookeeper 3.5.x versions before 3.5.3, update to version 3.5.3 or later. Where updating is not immediately possible, avoid the "cmd:" batch mode syntax in the C cli shell, and never forward untrusted input into its arguments. Restrict access to the C cli shell to minimize the risk of exploitation.
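To make the weakness concrete, the following is an added example written for this page; it is not Apache Zookeeper's own cli.c and does not reproduce the project's code. It reconstructs the pattern the description implies: a hypothetical parser for a "cmd:<command>" argument that copies into a 1024-byte buffer. The unsafe variant copies without checking length (the overflow), and the hardened variant rejects any command that does not fit with its terminating NUL before copying. Function names, the CMD_BUF constant, and the probe helper are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size, matching the 1024-character threshold in the description. */
#define CMD_BUF 1024

/*
 * Hypothetical reconstruction of the vulnerable pattern (NOT Zookeeper's code):
 * the text after "cmd:" is copied into a fixed buffer with no length check.
 * An argument longer than CMD_BUF - 1 characters overruns cmd_unsafe.
 * It is shown for contrast only and is never called with long input here.
 */
static char cmd_unsafe[CMD_BUF];

int parse_batch_cmd_unsafe(const char *arg) {
    if (strncmp("cmd:", arg, 4) != 0)
        return 0;                       /* not batch mode */
    strcpy(cmd_unsafe, arg + 4);        /* unbounded copy: the overflow */
    return 1;
}

/*
 * Hardened form: measure first, refuse anything that cannot fit together
 * with its NUL terminator, and only then copy.
 * Returns 1 for batch mode, 0 for a non-"cmd:" argument, -1 if rejected.
 */
int parse_batch_cmd_safe(const char *arg, char *out, size_t outlen) {
    if (arg == NULL || out == NULL || outlen == 0)
        return -1;
    if (strncmp("cmd:", arg, 4) != 0)
        return 0;                       /* not batch mode */
    size_t len = strlen(arg + 4);
    if (len >= outlen)                  /* len + 1 bytes needed, including NUL */
        return -1;
    memcpy(out, arg + 4, len + 1);      /* bounded copy, terminator included */
    return 1;
}

/* Constructed probe: builds "cmd:" followed by n bytes of 'A' and feeds it
 * to the hardened parser, returning the parser's result. */
int probe_length(size_t n) {
    char *arg = malloc(4 + n + 1);
    if (arg == NULL)
        return -2;
    memcpy(arg, "cmd:", 4);
    memset(arg + 4, 'A', n);
    arg[4 + n] = '\0';
    char out[CMD_BUF];
    int r = parse_batch_cmd_safe(arg, out, sizeof out);
    free(arg);
    return r;
}

/* Constructed check that a normal short command is accepted and copied intact. */
int demo_short_accepted(void) {
    char out[CMD_BUF];
    if (parse_batch_cmd_safe("cmd:ls /", out, sizeof out) != 1)
        return 0;
    return strcmp(out, "ls /") == 0;
}

int main(int argc, char **argv) {
    char cmd[CMD_BUF];
    if (argc > 1) {
        int r = parse_batch_cmd_safe(argv[1], cmd, sizeof cmd);
        if (r == 1)
            printf("Batch mode: %s\n", cmd);
        else if (r == 0)
            printf("Interactive mode (argument is not a cmd: string)\n");
        else
            fprintf(stderr, "Command length exceeds max %zu\n", sizeof cmd - 1);
    }
    printf("1023 chars -> %d, 1024 chars -> %d, 5000 chars -> %d\n",
           probe_length(1023), probe_length(1024), probe_length(5000));
    return 0;
}
```

The boundary matters: a 1024-byte buffer holds at most 1023 command characters plus the terminator, so the check is `len >= outlen`, not `len > outlen`. A check that only compares against the buffer size still lets a 1024-character command write its NUL one byte past the end.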

Exploit

Fix

Weakness Enumeration

Buffer Overflow

Related Identifiers

BDU:2024-06489
CVE-2016-5017
DLA-630-1
MGASA-2016-0328
USN-4789-1

Affected Products

Apache Zookeeper
Red Os
Ubuntu