1
PublicDateAtUSN: 2018-03-13
2
Candidate: CVE-2018-1000127
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000127
6
https://github.com/memcached/memcached/wiki/ReleaseNotes1437
7
https://usn.ubuntu.com/usn/usn-3601-1
9
memcached version prior to 1.4.37 contains an Integer Overflow
10
vulnerability in items.c:item_free() that can result in data corruption and
11
deadlocks due to items existing in hash table being reused from free list.
12
This attack appear to be exploitable via network connectivity to the
13
memcached service. This vulnerability appears to have been fixed in 1.4.37
18
https://github.com/memcached/memcached/issues/271
24
upstream: https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
25
upstream_memcached: released (1.5.0-1)
26
precise/esm_memcached: DNE
27
trusty_memcached: released (1.4.14-0ubuntu9.3)
28
xenial_memcached: released (1.4.25-2ubuntu1.4)
29
artful_memcached: released (1.4.33-1ubuntu3.3)
30
devel_memcached: not-affected (1.5.6-0ubuntu1)