A flaw was found in memcached version prior to 1.4.37. It contains an Integer Overflow vulnerability in items.c:item_free() that can result in resource leaks or data corruption, deadlocks and crashes due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. References: https://github.com/memcached/memcached/issues/271 https://github.com/memcached/memcached/wiki/ReleaseNotes1437 Upstream Patch: https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
Created memcached tracking bugs for this issue: Affects: openstack-rdo [bug 1555065]
RHEL 6 is affected by this flaw, being subject to the integer overflow in items.c:item_free(), but items are not put back in the freelist if they are still used. However, it can cause memory leaks and, potentially, resource exhaustion.
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2018:2290 https://access.redhat.com/errata/RHSA-2018:2290