VDB
CVE-2018-1000127
CVE-2018-1000127
PUBLISHED
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.
EPSS 1.00% · 77.4th percentile
Risk Scores
EPSS Score
1.00%
77.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | memcached | 1.4.25-2ubuntu1, 0, 1.4.24-2ubuntu1 |
| Ubuntu:14.04:LTS | memcached | 0, 1.4.14-0ubuntu4, 1.4.14-0ubuntu8 |
Timeline
- Mar 13, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1000127 third-party-advisory
- https://github.com/memcached/memcached/wiki/ReleaseNotes1437 third-party-advisory
- https://ubuntu.com/security/notices/USN-3601-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1000127 third-party-advisory