Vulnerability Details : CVE-2017-9951
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
Vulnerability category: Memory Corruption; Denial of service
Products affected by CVE-2017-9951
- cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
Threat overview for CVE-2017-9951
- Top countries where our scanners detected CVE-2017-9951: (no data shown)
- Top open port discovered on systems with this issue: 11211
- IPs affected by CVE-2017-9951: 24,412
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-9951
- EPSS score: 0.96% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~83% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2017-9951
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | 
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | 
References for CVE-2017-9951
- https://github.com/memcached/memcached/wiki/ReleaseNotes1439 : ReleaseNotes1439 · memcached/memcached Wiki · GitHub (Third Party Advisory)
- http://www.securityfocus.com/bid/99874 : Memcached CVE-2017-9951 Incomplete Fix Integer Overflow Vulnerability
- https://groups.google.com/forum/message/raw?msg=memcached/ubGWrkmrr4E/nrm1SeVJAQAJ (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2018/dsa-4218 : Debian -- Security Information -- DSA-4218-1 memcached
- https://usn.ubuntu.com/3588-1/ : USN-3588-1: Memcached vulnerabilities | Ubuntu security notices
- https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/ : Memcached Server CVE-2017-9951 | Twistlock Vulnerability Report (Exploit; Technical Description; Third Party Advisory)