High severity 7.5 · NVD Advisory · Published Jul 17, 2017 · Updated Jun 17, 2026
CVE-2017-9951
Description
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
Affected products
15
- osv-coords, 13 versions:
  - pkg:rpm/opensuse/memcached&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/memcached&distro=SUSE%20Enterprise%20Storage%204
  - pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/memcached&distro=SUSE%20OpenStack%20Cloud%206
  - pkg:rpm/suse/memcached&distro=SUSE%20OpenStack%20Cloud%207
  - pkg:rpm/suse/memcached&distro=SUSE%20Studio%20Onsite%201.3
  - pkg:rpm/suse/memcached&distro=SUSE%20Studio%20Onsite%20Runner%201.3

< 1.6.9-2.3 (+ 12 more)
- (no CPE) range: < 1.6.9-2.3
- (no CPE) range: < 1.4.39-3.3.2
- (no CPE) range: < 1.4.39-4.3.1
- (no CPE) range: < 1.4.39-4.3.1
- (no CPE) range: < 1.4.39-4.3.1
- (no CPE) range: < 1.4.39-4.3.1
- (no CPE) range: < 1.4.39-4.3.1
- (no CPE) range: < 1.2.6-5.17.4.1
- (no CPE) range: < 1.4.39-4.3.1
- (no CPE) range: < 1.4.39-3.3.1
- (no CPE) range: < 1.4.39-3.3.2
- (no CPE) range: < 1.2.6-5.17.4.1
- (no CPE) range: < 1.2.6-5.17.4.1
References
5
- www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/ (nvd; Exploit, Technical Description, Third Party Advisory)
- groups.google.com/forum/message/raw (nvd; Mailing List, Third Party Advisory)
- www.securityfocus.com/bid/99874 (nvd)
- usn.ubuntu.com/3588-1/ (nvd)
- www.debian.org/security/2018/dsa-4218 (nvd)