CVE-2017-9951 - OpenCVE

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Memcached	Memcached

Configuration 1 [-]

cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/99874
https://github.com/memcached/memcached/wiki/ReleaseNotes1439
https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ
https://nvd.nist.gov/vuln/detail/CVE-2017-9951
https://usn.ubuntu.com/3588-1/
https://www.cve.org/CVERecord?id=CVE-2017-9951
https://www.debian.org/security/2018/dsa-4218
https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-17T06:00:00

Updated: 2024-08-05T17:24:59.972Z

Reserved: 2017-06-26T00:00:00

Link: CVE-2017-9951

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-07-17T13:18:30.970

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-9951

Redhat

Severity : Low

Publid Date: 2017-07-17T00:00:00Z

Links: CVE-2017-9951 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-17T00:00:00", "descriptions": [{"lang": "en", "value": "The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-07T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3588-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3588-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439"}, {"name": "99874", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99874"}, {"name": "DSA-4218", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4218"}, {"tags": ["x_refsource_MISC"], "url": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/"}, {"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9951", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3588-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3588-1/"}, {"name": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439", "refsource": "MISC", "url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439"}, {"name": "99874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99874"}, {"name": "DSA-4218", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4218"}, {"name": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/", "refsource": "MISC", "url": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/"}, {"name": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ", "refsource": "MISC", "url": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:24:59.972Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3588-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3588-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439"}, {"name": "99874", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99874"}, {"name": "DSA-4218", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4218"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9951", "datePublished": "2017-07-17T06:00:00", "dateReserved": "2017-06-26T00:00:00", "dateUpdated": "2024-08-05T17:24:59.972Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BBF21B9-EC29-439E-B875-913CC487A8C5", "versionEndIncluding": "1.4.38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705."}, {"lang": "es", "value": "La funci\u00f3n try_read_command en el archivo memcached.c en memcached anterior a versi\u00f3n 1.4.39, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) por medio de una petici\u00f3n para agregar y configurar una clave, lo que hace una comparaci\u00f3n entre un int firmado y sin firmar y activa una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para el CVE-2016-8705."}], "id": "CVE-2017-9951", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-17T13:18:30.970", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/99874"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1439"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3588-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4218"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "memcached: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705)", "id": "1471970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471970"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-119", "details": ["The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705."], "mitigation": {"lang": "en:us", "value": "This flaw is in the memcached binary protocol. If your client programs only use the ASCII protocol when communicating with memcached, you can disable the binary protocol and protect against this flaw by adding \"-B ascii\" to OPTIONS in /etc/sysconfig/memcached."}, "name": "CVE-2017-9951", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "package_name": "memcached", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Will not fix", "package_name": "memcached", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "memcached", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Will not fix", "package_name": "memcached", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Not affected", "package_name": "memcached", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "memcached", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "memcached", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}], "public_date": "2017-07-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-9951\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9951"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}