CVE-2017-9951

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
memcachedmemcached
𝑥
≤ 1.4.38
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
memcached
bookworm
1.6.18-1
fixed
bullseye
1.6.9+dfsg-1
fixed
sid
1.6.32-2
fixed
trixie
1.6.32-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
memcached
artful
Fixed 1.4.33-1ubuntu3.2
released
trusty
Fixed 1.4.14-0ubuntu9.2
released
xenial
Fixed 1.4.25-2ubuntu1.3
released
yakkety
ignored
zesty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
memcached
suse enterprise sap 15
1.5.6-2.10
fixed
suse enterprise sap 15 SP1
1.5.6-2.10
fixed
suse enterprise sap 15 SP2
1.5.6-4.5.30
fixed
suse enterprise sap 15 SP3
1.5.6-4.5.30
fixed
suse enterprise sap 15 SP4
1.5.6-4.7.1
fixed
suse enterprise sap 15 SP7
1.5.6-4.7.1
fixed
suse enterprise server 15
1.5.6-2.10
fixed
suse enterprise server 15 SP1
1.5.6-2.10
fixed
suse enterprise server 15 SP2
1.5.6-4.5.30
fixed
suse enterprise server 15 SP3
1.5.6-4.5.30
fixed
suse enterprise server 15 SP4
1.5.6-4.7.1
fixed
suse enterprise server 15 SP7
1.5.6-4.7.1
fixed
memcached-devel
suse enterprise sap 15
1.5.6-2.10
fixed
suse enterprise sap 15 SP1
1.5.6-2.10
fixed
suse enterprise sap 15 SP2
1.5.6-4.5.30
fixed
suse enterprise sap 15 SP3
1.5.6-4.5.30
fixed
suse enterprise sap 15 SP4
1.5.6-4.7.1
fixed
suse enterprise sap 15 SP7
1.5.6-4.7.1
fixed
suse enterprise server 15
1.5.6-2.10
fixed
suse enterprise server 15 SP1
1.5.6-2.10
fixed
suse enterprise server 15 SP2
1.5.6-4.5.30
fixed
suse enterprise server 15 SP3
1.5.6-4.5.30
fixed
suse enterprise server 15 SP4
1.5.6-4.7.1
fixed
suse enterprise server 15 SP7
1.5.6-4.7.1
fixed
References
http://www.securityfocus.com/bid/99874
https://github.com/memcached/memcached/wiki/ReleaseNotes1439
https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ
https://usn.ubuntu.com/3588-1/
https://www.debian.org/security/2018/dsa-4218
https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/
http://www.securityfocus.com/bid/99874
https://github.com/memcached/memcached/wiki/ReleaseNotes1439
https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ
https://usn.ubuntu.com/3588-1/
https://www.debian.org/security/2018/dsa-4218
https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/