#VU10898 Buffer over-read in memcached - CVE-2017-9951

Cybersecurity Help s.r.o.

Published: 2018-03-05 | Updated: 2018-03-20

Vulnerability identifier: #VU10898

Vulnerability risk: High

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2017-9951

CWE-ID: CWE-126

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
memcached
Server applications / Web servers

Vendor: Memcached

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the try_read_command function in memcached.c in memcached before 1.4.39. A remote attacker can perform a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read.

The vulnerability is dubbed Twistlock.

Mitigation
Update to version 1.4.39

Vulnerable software versions

memcached: 1.4.0 - 1.4.38

External links
https://github.com/memcached/memcached/wiki/ReleaseNotes1439
https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-v...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Debian update for memcached

OpenSUSE Linux update for memcached

SUSE Linux update for memcached

Ubuntu update for Memcached

Buffer over-read in memcached (Alpine package)

Denial of service in memcached