CVE-2017-9951 - OpenCVE

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Memcached	Memcached

Configuration 1 [-]

cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/99874
https://github.com/memcached/memcached/wiki/ReleaseNotes1439	Third Party Advisory
https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ	Mailing List Third Party Advisory
https://usn.ubuntu.com/3588-1/
https://www.debian.org/security/2018/dsa-4218
https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/	Exploit Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-17T06:00:00

Updated: 2018-06-07T09:57:01

Reserved: 2017-06-26T00:00:00

Link: CVE-2017-9951

JSON object: View

NVD Information

Status : Modified

Published: 2017-07-17T13:18:30.970

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-9951

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-17T00:00:00", "descriptions": [{"lang": "en", "value": "The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-07T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3588-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3588-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439"}, {"name": "99874", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99874"}, {"name": "DSA-4218", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4218"}, {"tags": ["x_refsource_MISC"], "url": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9951", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3588-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3588-1/"}, {"name": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439", "refsource": "MISC", "url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439"}, {"name": "99874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99874"}, {"name": "DSA-4218", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4218"}, {"name": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/", "refsource": "MISC", "url": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/"}, {"name": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ", "refsource": "MISC", "url": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9951", "datePublished": "2017-07-17T06:00:00", "dateReserved": "2017-06-26T00:00:00", "dateUpdated": "2018-06-07T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BBF21B9-EC29-439E-B875-913CC487A8C5", "versionEndIncluding": "1.4.38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705."}, {"lang": "es", "value": "La funci\u00f3n try_read_command en el archivo memcached.c en memcached anterior a versi\u00f3n 1.4.39, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) por medio de una petici\u00f3n para agregar y configurar una clave, lo que hace una comparaci\u00f3n entre un int firmado y sin firmar y activa una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para el CVE-2016-8705."}], "id": "CVE-2017-9951", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-17T13:18:30.970", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/99874"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3588-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4218"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}