CVE-2018-1000127
NONE EPSS 81.3%
Published Mar 13, 2018 · Last Modified Jun 17, 2026
Description
memcached versions prior to 1.4.37 contain an integer overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks, because items still present in the hash table are reused from the free list. This attack appears to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.
Threat Intelligence
EPSS Exploit Probability
81.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-190 Integer Overflow or Wraparound Numeric Error
CWE-667
Affected Products 8
References 7
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:2290
- github.com https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
- github.com https://github.com/memcached/memcached/issues/271
- github.com https://github.com/memcached/memcached/wiki/ReleaseNotes1437
- lists.debian.org https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html
- usn.ubuntu.com https://usn.ubuntu.com/3601-1/
- debian.org https://www.debian.org/security/2018/dsa-4218
Remediation
- github.com https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00