[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-1000127Date: (C)2018-04-12   (M)2023-12-22


memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
DSA-4218
RHSA-2018:2290
USN-3601-1
https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html
https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
https://github.com/memcached/memcached/issues/271
https://github.com/memcached/memcached/wiki/ReleaseNotes1437

CPE    6
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
...
CWE    1
CWE-190
OVAL    6
oval:org.secpod.oval:def:2103870
oval:org.secpod.oval:def:2103745
oval:org.secpod.oval:def:603418
oval:org.secpod.oval:def:704015
...

© SecPod Technologies