CVE-2017-9951
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
Timeline
- 2017-06-26 CVE Reserved
- 2017-07-17 CVE Published
- 2024-07-29 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/99874 | Vdb Entry | |
https://github.com/memcached/memcached/wiki/ReleaseNotes1439 | Third Party Advisory | |
https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ | Mailing List | |

URL | Date | SRC |
---|---|---|
https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report | 2024-08-05 | |

URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/3588-1 | 2019-10-03 | |
https://www.debian.org/security/2018/dsa-4218 | 2019-10-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Memcached | Memcached | <= 1.4.38 | - | Affected |