When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.
Created mesos tracking bugs for this issue:
Affects: fedora-all [bug 1629965]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.