CVE-2018-1000127

2018-03-1321:29:00

Google

osv.dev

0.01 Low

EPSS

Percentile

83.9%

JSON

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.

CPENameOperatorVersion
memcachedeq1.4.0
memcachedeq1.2.5
memcachedeq1.4.25
memcachedeq1.4.7
memcachedeq1.4.5
memcachedeq1.4.15
memcachedeq1.4.8
memcachedeq1.4.9
memcachedeq1.2.2
memcachedeq1.4.13

Name	Operator	Version
memcached	eq	1.4.0
memcached	eq	1.2.5
memcached	eq	1.4.25
memcached	eq	1.4.7
memcached	eq	1.4.5
memcached	eq	1.4.15
memcached	eq	1.4.8
memcached	eq	1.4.9
memcached	eq	1.2.2
memcached	eq	1.4.13