{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.1.2" }, { "introduced": "0" }, { "last_affected": "1.2.0" }, { "introduced": "0" }, { "last_affected": "1.2.1" }, { "introduced": "0" }, { "last_affected": "1.3.0" }, { "introduced": "0" }, { "last_affected": "1.3.1" }, { "introduced": "0" }, { "last_affected": "1.4.0-dev" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "37d98c55e1f43d6734729b5cdbed242ebc3263ed" }, { "introduced": "0" }, { "last_affected": "de306b5786de3c221bae1457c6f2ccaeb38eef9f" }, { "introduced": "0" }, { "last_affected": "7a0cc5522f2ae42ed153860bbbceff1b56476b4e" }, { "introduced": "0" }, { "last_affected": "904729ed37802545ec650e46177e49e1c35c84a8" }, { "introduced": "0" }, { "last_affected": "1beaede8c13f0832d4921121da34f924deec8950" }, { "introduced": "0" }, { "last_affected": "b3fd2e7ab26e118222fe18af4b92c53a3c01e6cc" } ], "repo": "https://github.com/apache/mesos", "type": "GIT" } ] } ], "details": "When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.", "id": "CVE-2017-7687", "modified": "2026-03-13T21:53:12.732489419Z", "published": "2017-09-29T01:34:50.497Z", "references": [ { "type": "WEB", "url": "https://lists.apache.org/thread.html/2c9ed2b07c2b2831a11d21db3cf8408a71fcf2c300d73ca01bad89df%40%3Cdev.mesos.apache.org%3E" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/101027" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }