GoogleOSV:DSA-2832-1memcached - several
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.071 Low
EPSS
Percentile
93.0%
Multiple vulnerabilities have been found in memcached, a high-performance
memory object caching system. The Common Vulnerabilities and Exposures
project identifies the following issues:
- CVE-2011-4971
Stefan Bucur reported that memcached could be caused to crash by
sending a specially crafted packet. - CVE-2013-7239
It was reported that SASL authentication could be bypassed due to a
flaw related to the managment of the SASL authentication state. With
a specially crafted request, a remote attacker may be able to
authenticate with invalid SASL credentials.
For the oldstable distribution (squeeze), these problems have been fixed
in version 1.4.5-1+deb6u1. Note that the patch for CVE-2013-7239 was not
applied for the oldstable distribution as SASL support is not enabled in
this version. This update also provides the fix for CVE-2013-0179 which
was fixed for stable already.
For the stable distribution (wheezy), these problems have been fixed in
version 1.4.13-0.2+deb7u1.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your memcached packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| memcached | eq | 1.4.13-0.2 |
References
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.071 Low
EPSS
Percentile
93.0%