Published: 13/03/2018 Updated: 24/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

memcached version before 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.

Vulnerable Product	Search on Vulmon	Subscribe to Product
memcached memcached
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 16.04
canonical ubuntu linux 17.10
canonical ubuntu linux 14.04
redhat openstack 10

Synopsis Moderate: memcached security update Type/Severity Security Advisory: Moderate Topic An update for memcached is now available for Red Hat OpenStack Platform 100 (Newton) for RHEL 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring ...

Memcached could be made to crash if it received specially crafted network traffic ...

Debian Bug report logs - #868701 memcached: CVE-2017-9951: Heap-based buffer over-read in try_read_command function Package: src:memcached; Maintainer for src:memcached is Guillaume Delacour <gui@iroqwaorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 Jul 2017 20:39:02 UTC Severity: important ...

Debian Bug report logs - #894404 memcached: CVE-2018-1000127 Package: memcached; Maintainer for memcached is Guillaume Delacour <gui@iroqwaorg>; Source for memcached is src:memcached (PTS, buildd, popcon) Reported by: Antoine Beaupre <anarcat@orangeseedsorg> Date: Thu, 29 Mar 2018 21:33:02 UTC Severity: grave Tags ...

Several vulnerabilities were discovered in memcached, a high-performance memory object caching system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached (resulting from an incomplete fix for CVE-2016-8705) triggered by spe ...

memcached version prior to 1437 contains an Integer Overflow vulnerability in itemsc:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list This attack appear to be exploitable via network connectivity to the memcached service This vulnerability appears to have been fixed in ...

CWE-190 CWE-667 https://github.com/memcached/memcached/wiki/ReleaseNotes1437 https://github.com/memcached/memcached/issues/271 https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00 https://usn.ubuntu.com/3601-1/https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html https://www.debian.org/security/2018/dsa-4218 https://access.redhat.com/errata/RHSA-2018:2290 https://access.redhat.com/errata/RHSA-2018:2290 https://usn.ubuntu.com/3601-1/https://nvd.nist.gov

CVE-2018-1000127

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect