What is CVE-2018-1000127?

CVE-2018-1000127 is a vulnerability in memcached version prior to 1.4.37 that can result in data corruption and deadlocks.

How severe is CVE-2018-1000127?

CVE-2018-1000127 has a severity level of 7.5 (high).

Which software is affected by CVE-2018-1000127?

The software affected by CVE-2018-1000127 is memcached version prior to 1.4.37.

How can I fix CVE-2018-1000127?

To fix CVE-2018-1000127, upgrade to memcached version 1.4.37 or higher.

Where can I find more information about CVE-2018-1000127?

You can find more information about CVE-2018-1000127 on the Debian security tracker and MITRE's CVE database.

Vulnerability/
CVE-2018-1000127

high

7.5

CWE

190 667

13/3/2018

5/8/2024

CVE-2018-1000127: Integer Overflow

First published: Tue Mar 13 2018(Updated: )

A flaw was found in memcached version prior to 1.4.37. It contains an Integer Overflow vulnerability in items.c:item_free() that can result in resource leaks or data corruption, deadlocks and crashes due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. References: <a href="https://github.com/memcached/memcached/issues/271">https://github.com/memcached/memcached/issues/271</a> <a href="https://github.com/memcached/memcached/wiki/ReleaseNotes1437">https://github.com/memcached/memcached/wiki/ReleaseNotes1437</a> Upstream Patch: <a href="https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00">https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/memcached	<1.4.37	1.4.37
ubuntu/memcached	<1.4.33-1ubuntu3.3	1.4.33-1ubuntu3.3
ubuntu/memcached	<1.4.14-0ubuntu9.3	1.4.14-0ubuntu9.3
ubuntu/memcached	<1.5.0-1	1.5.0-1
ubuntu/memcached	<1.4.25-2ubuntu1.4	1.4.25-2ubuntu1.4
debian/memcached		1.6.9+dfsg-1 1.6.18-1 1.6.29-1
Php Memcached	<1.4.37
Debian	=7.0
Debian	=8.0
Debian	=9.0
Ubuntu Linux	=14.04
Ubuntu Linux	=16.04
Ubuntu Linux	=17.10
Red Hat OpenStack for IBM Power	=10
PCP PMDA for Memcached	<1.4.37

Remedy

https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-3601-1

Frequently Asked Questions

What is CVE-2018-1000127?
CVE-2018-1000127 is a vulnerability in memcached version prior to 1.4.37 that can result in data corruption and deadlocks.
How severe is CVE-2018-1000127?
CVE-2018-1000127 has a severity level of 7.5 (high).
Which software is affected by CVE-2018-1000127?
The software affected by CVE-2018-1000127 is memcached version prior to 1.4.37.
How can I fix CVE-2018-1000127?
To fix CVE-2018-1000127, upgrade to memcached version 1.4.37 or higher.
Where can I find more information about CVE-2018-1000127?
You can find more information about CVE-2018-1000127 on the Debian security tracker and MITRE's CVE database.

collector/debian-bugs
alias/CVE-2018-1000127
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
agent/description
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
collector/usn-cve
source/Ubuntu
agent/severity
agent/references
collector/security-tracker-debian
source/Debian
agent/event
agent/trending
agent/source
agent/author
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
package-manager/redhat
package-manager/ubuntu
package-manager/debian
vendor/memcached
canonical/php memcached
vendor/debian
canonical/debian
version/debian/7.0
version/debian/8.0
version/debian/9.0
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/14.04
version/ubuntu linux/16.04
version/ubuntu linux/17.10
vendor/redhat
canonical/red hat openstack for ibm power
version/red hat openstack for ibm power/10
canonical/pcp pmda for memcached