CVE-2018-1000127

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/memcached/memcached/wiki/ReleaseNotes1437	Release Notes Third Party Advisory
https://github.com/memcached/memcached/issues/271	Third Party Advisory
https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00	Patch Third Party Advisory
https://usn.ubuntu.com/3601-1/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html	Mailing List Third Party Advisory
https://www.debian.org/security/2018/dsa-4218	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2290	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration 4 (hide)

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

Information

Published : 2018-03-13 14:29

Updated : 2020-08-24 10:37

NVD link : CVE-2018-1000127

Mitre link : CVE-2018-1000127

JSON object : View

CWE

CWE-667

Improper Locking

CWE-190

Integer Overflow or Wraparound

Products Affected

debian

debian_linux

canonical

ubuntu_linux

redhat

openstack

memcached

memcached

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1437", "name": "https://github.com/memcached/memcached/wiki/ReleaseNotes1437", "tags": ["Release Notes", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/memcached/memcached/issues/271", "name": "https://github.com/memcached/memcached/issues/271", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00", "name": "https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://usn.ubuntu.com/3601-1/", "name": "USN-3601-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html", "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1329-1] memcached security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2018/dsa-4218", "name": "DSA-4218", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2290", "name": "RHSA-2018:2290", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-667"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-1000127", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": true, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2018-03-13T21:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.4.37"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-08-24T17:37Z"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2018-1000127

7.5^/10

5.0^/10

Attach tags to `CVE-2018-1000127`