[3.5] memcached: Heap-based buffer over-read in try_read_command function (CVE-2017-9951)
ID: oval:org.secpod.oval:def:1800427 | Date: (C)2018-03-28 (M)2023-12-20
Class: PATCH | Family: unix
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
Platform: Alpine Linux 3.5