CVE-2018-1000127

Description

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.

CVSS Metrics

• v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 1.00%• Percentile: 77%

Techniques & Countermeasures

• CWE-190•Integer Overflow or Wraparound

  The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

• CWE-667•Improper Locking

  The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Affected Systems

• canonical•ubuntu_linux

  14.04 | 16.04 | 17.10

• debian•debian_linux

  7.0 | 8.0 | 9.0

• memcached•memcached

  < 1.4.37

• redhat•openstack

  10

References (7)

• https://access.redhat.com/errata/RHSA-2018:2290
• https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html
• https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
• https://usn.ubuntu.com/3601-1/
• https://www.debian.org/security/2018/dsa-4218
• https://github.com/memcached/memcached/wiki/ReleaseNotes1437
• https://github.com/memcached/memcached/issues/271