CVE-2018-1000127 (retired)

Priority
Description
memcached version prior to 1.4.37 contains an Integer Overflow
vulnerability in items.c:item_free() that can result in data corruption and
deadlocks due to items existing in hash table being reused from free list.
This attack appear to be exploitable via network connectivity to the
memcached service. This vulnerability appears to have been fixed in 1.4.37
and later.
Assigned-to
mdeslaur
Package
Upstream:released (1.5.0-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (1.4.25-2ubuntu1.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.5.6-0ubuntu1)
Patches:
Upstream:https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
More Information

Updated: 2019-09-19 16:05:09 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)