CVE-2018-1000127

Priority
Description
memcached version prior to 1.4.37 contains an Integer Overflow
vulnerability in items.c:item_free() that can result in data corruption and
deadlocks due to items existing in hash table being reused from free list.
This attack appear to be exploitable via network connectivity to the
memcached service. This vulnerability appears to have been fixed in 1.4.37
and later.
Assigned-to
mdeslaur
Package
Upstream:released (1.5.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.4.14-0ubuntu9.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.4.25-2ubuntu1.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.5.6-0ubuntu1)
Patches:
Upstream:https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
More Information

Updated: 2019-01-14 22:31:09 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)