Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000127

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.

Published

2018-03-13T21:29:00.477

Last Modified

2024-11-21T03:39:44.437

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-190
CWE-667

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	memcached	memcached	< 1.4.37	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	17.10	Yes
Application	redhat	openstack	10	Yes

References

https://access.redhat.com/errata/RHSA-2018:2290 Third Party Advisory ([email protected])
https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00 Patch, Third Party Advisory ([email protected])
https://github.com/memcached/memcached/issues/271 Third Party Advisory ([email protected])
https://github.com/memcached/memcached/wiki/ReleaseNotes1437 Release Notes, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html Mailing List, Third Party Advisory ([email protected])
https://usn.ubuntu.com/3601-1/ Third Party Advisory ([email protected])
https://www.debian.org/security/2018/dsa-4218 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2290 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/memcached/memcached/issues/271 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/memcached/memcached/wiki/ReleaseNotes1437 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3601-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4218 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)