Lucene search

K
osvGoogleOSV:DSA-2832-1
HistoryJan 01, 2014 - 12:00 a.m.

memcached - several

2014-01-0100:00:00
Google
osv.dev
13

EPSS

0.077

Percentile

94.3%

Multiple vulnerabilities have been found in memcached, a high-performance
memory object caching system. The Common Vulnerabilities and Exposures
project identifies the following issues:

  • CVE-2011-4971
    Stefan Bucur reported that memcached could be caused to crash by
    sending a specially crafted packet.
  • CVE-2013-7239
    It was reported that SASL authentication could be bypassed due to a
    flaw related to the managment of the SASL authentication state. With
    a specially crafted request, a remote attacker may be able to
    authenticate with invalid SASL credentials.

For the oldstable distribution (squeeze), these problems have been fixed
in version 1.4.5-1+deb6u1. Note that the patch for CVE-2013-7239 was not
applied for the oldstable distribution as SASL support is not enabled in
this version. This update also provides the fix for CVE-2013-0179 which
was fixed for stable already.

For the stable distribution (wheezy), these problems have been fixed in
version 1.4.13-0.2+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your memcached packages.