ID CVE-2018-1000127
Summary memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.
References
Vulnerable Configurations
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Red Hat OpenStack 10
    cpe:2.3:a:redhat:openstack:10
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3601-1.NASL
    description It was discovered that Memcached incorrectly handled reusing certain items. A remote attacker could possibly use this issue to cause Memcached to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108484
    published 2018-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108484
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : memcached vulnerability (USN-3601-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1177.NASL
    description According to the version of the memcached package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.(CVE-2018-1000127) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110841
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110841
    title EulerOS 2.0 SP3 : memcached (EulerOS-SA-2018-1177)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1329.NASL
    description memcached version prior to 1.4.37 contains an Integer Overflow vulnerability that can result in data corruption and deadlocks. This attack is exploitable via network connectivity to the memcached service. For Debian 7 'Wheezy', these problems have been fixed in version 1.4.13-0.2+deb7u4. We recommend that you upgrade your memcached packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 108729
    published 2018-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108729
    title Debian DLA-1329-1 : memcached security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1138.NASL
    description According to the version of the memcached package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.(CVE-2018-8740) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110142
    published 2018-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110142
    title EulerOS 2.0 SP1 : memcached (EulerOS-SA-2018-1138)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4218.NASL
    description Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-9951 Daniel Shapira reported a heap-based buffer over-read in memcached (resulting from an incomplete fix for CVE-2016-8705 ) triggered by specially crafted requests to add/set a key and allowing a remote attacker to cause a denial of service. - CVE-2018-1000115 It was reported that memcached listens to UDP by default. A remote attacker can take advantage of it to use the memcached service as a DDoS amplifier. Default installations of memcached in Debian are not affected by this issue as the installation defaults to listen only on localhost. This update disables the UDP port by default. Listening on the UDP can be re-enabled in the /etc/memcached.conf (cf. /usr/share/doc/memcached/NEWS.Debian.gz). - CVE-2018-1000127 An integer overflow was reported in memcached, resulting in resource leaks, data corruption, deadlocks or crashes.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110386
    published 2018-06-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110386
    title Debian DSA-4218-1 : memcached - security update
redhat via4
advisories
rhsa
id RHSA-2018:2290
refmap via4
confirm
debian DSA-4218
mlist [debian-lts-announce] 20180329 [SECURITY] [DLA 1329-1] memcached security update
ubuntu USN-3601-1
Last major update 13-03-2018 - 17:29
Published 13-03-2018 - 17:29
Last modified 21-03-2019 - 10:33
Back to Top