Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-1000127
HistoryMar 13, 2018 - 9:29 p.m.

CVE-2018-1000127

2018-03-1321:29:00
CWE-667
CWE-190
[email protected]
web.nvd.nist.gov
156
memcached
cve-2018-1000127
integer overflow
items.c:item_free()
data corruption
deadlocks
network exploit

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.

Affected configurations

NVD
Node
memcachedmemcachedRange<1.4.37
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch17.10
Node
redhatopenstackMatch10
CPENameOperatorVersion
memcached:memcachedmemcachedlt1.4.37

Related

nessus 12
openvas 7
osv 3
cvelist 1
veracode 1
redhat 1
nvd 1
debian 3
ubuntu 1
prion 1
debiancve 1
ubuntucve 1
rosalinux 1
nessus
nessus
Debian DLA-1329-1 : memcached security update
2018-03-30 00:00:00
EulerOS 2.0 SP3 : memcached (EulerOS-SA-2018-1177)
2018-07-03 00:00:00
RHEL 7 : memcached (RHSA-2018:2290)
2024-04-27 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1329-1)
2018-04-01 00:00:00
Huawei EulerOS: Security Advisory for memcached (EulerOS-SA-2018-1177)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-3601-1)
2018-03-20 00:00:00
osv
osv
CVE-2018-1000127
2018-03-13 21:29:00
memcached - security update
2018-03-29 00:00:00
memcached - security update
2018-06-06 00:00:00
cvelist
cvelist
CVE-2018-1000127
2018-03-13 21:00:00
veracode
veracode
Data Corruption
2019-01-15 09:25:19
redhat
redhat
(RHSA-2018:2290) Moderate: memcached security update
2018-07-30 17:28:24
nvd
nvd
CVE-2018-1000127
2018-03-13 21:29:00
debian
debian
[SECURITY] [DLA 1329-1] memcached security update
2018-03-29 21:48:25
[SECURITY] [DSA 4218-1] memcached security update
2018-06-06 18:52:34
[SECURITY] [DSA 4218-1] memcached security update
2018-06-06 18:52:34
ubuntu
ubuntu
Memcached vulnerability
2018-03-19 00:00:00
prion
prion
Integer overflow
2018-03-13 21:29:00
debiancve
debiancve
CVE-2018-1000127
2018-03-13 21:29:00
ubuntucve
ubuntucve
CVE-2018-1000127
2018-03-13 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1917
2021-07-02 17:28:39

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON
Related for CVE-2018-1000127
nessus12openvas7osv3cvelist1veracode1redhat1nvd1debian3ubuntu1prion1debiancve1ubuntucve1rosalinux1