#VU10898 Buffer over-read in memcached


Published: 2018-03-05 | Updated: 2018-03-20

Vulnerability identifier: #VU10898

Vulnerability risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2017-9951

CWE-ID: CWE-126

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
memcached
Server applications / Web servers

Vendor: Memcached

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the try_read_command function in memcached.c in memcached before 1.4.39. A remote attacker can perform a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read.

The vulnerability is dubbed Twistlock.

Mitigation
Update to version 1.4.39

Vulnerable software versions

memcached: 1.4.0 - 1.4.38

External links
http://github.com/memcached/memcached/wiki/ReleaseNotes1439
http://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-v...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


Latest bulletins with this vulnerability


Debian update for memcached
OpenSUSE Linux update for memcached
SUSE Linux update for memcached
SUSE Linux update for memcached
SUSE Linux update for memcached
Ubuntu update for Memcached
Buffer over-read in memcached (Alpine package)
Denial of service in memcached