[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253390

 
 

909

 
 

197257

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-0179Date: (C)2014-01-15   (M)2023-12-22


The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.8
Exploit Score: 3.2
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-56183
BID-64978
USN-2080-1
http://www.openwall.com/lists/oss-security/2013/01/14/4
http://www.openwall.com/lists/oss-security/2013/01/14/6
https://bugzilla.redhat.com/show_bug.cgi?id=895054
https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096
https://code.google.com/p/memcached/issues/detail?id=306
https://code.google.com/p/memcached/wiki/ReleaseNotes1417

CPE    13
cpe:/a:memcached:memcached:1.4.8
cpe:/a:memcached:memcached:1.4.16
cpe:/a:memcached:memcached:1.4.7
cpe:/a:memcached:memcached:1.4.9
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:106370
oval:org.secpod.oval:def:106369
oval:org.secpod.oval:def:601189
oval:org.secpod.oval:def:26409
...

© SecPod Technologies