Home

CVE-2017-9951

Description

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.674

Associated Vulnerability

VulnerabilityOS Platform
high-performance memory object caching system (USN-3588-1) memcached_1.4.14-0ubuntu9.2_i386.debLinux
high-performance memory object caching system (USN-3588-1) memcached_1.4.14-0ubuntu9.2_amd64.debLinux
high-performance memory object caching system (USN-3588-1) memcached_1.4.25-2ubuntu1.3_i386.debLinux
high-performance memory object caching system (USN-3588-1) memcached_1.4.25-2ubuntu1.3_amd64.debLinux
high-performance memory object caching system (USN-3588-1) memcached_1.4.33-1ubuntu3.2_i386.debLinux
high-performance memory object caching system (USN-3588-1) memcached_1.4.33-1ubuntu3.2_amd64.debLinux
memcached security update(DSA-4218-1) memcached_1.4.33-1+deb9u1_i386.debLinux
memcached security update(DSA-4218-1) memcached_1.4.33-1+deb9u1_amd64.debLinux
memcached security update(DSA-4218-1) memcached_1.4.21-1.1+deb8u2_i386.debLinux
memcached security update(DSA-4218-1) memcached_1.4.21-1.1+deb8u2_amd64.debLinux
SUSE-SU-2018:0839-1(SUSE Linux Enterprise Server 12-SP2 ) memcached-1.4.39-4.3.1.x86_64.rpmLinux
SUSE-SU-2018:0839-1(SUSE Linux Enterprise Server 12-SP2 ) memcached-debuginfo-1.4.39-4.3.1.x86_64.rpmLinux
SUSE-SU-2018:0839-1(SUSE Linux Enterprise Server 12-SP2 ) memcached-debugsource-1.4.39-4.3.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234