CVE-2013-0179

2013-01-1500:00:00

ubuntu.com

1.8 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:N/I:N/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

The process_bin_delete function in memcached.c in memcached 1.4.4 and other
versions before 1.4.17, when running in verbose mode, allows remote
attackers to cause a denial of service (segmentation fault) via a request
to delete a key, which does not account for the lack of a null terminator
in the key and triggers a buffer over-read when printing to stderr.

Bugs

Notes

Author	Note
jdstrand	requires ‘-vv’ with is non-default
mdeslaur	The second commit in the bug report was split out into two additional CVEs, CVE-2013-7290 and CVE-2013-7291.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchmemcached< 1.4.13-0ubuntu2.1UNKNOWN
ubuntu12.10noarchmemcached< 1.4.14-0ubuntu1.12.10.1UNKNOWN
ubuntu13.04noarchmemcached< 1.4.14-0ubuntu1.13.04.1UNKNOWN
ubuntu13.10noarchmemcached< 1.4.14-0ubuntu4.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	memcached	< 1.4.13-0ubuntu2.1	UNKNOWN
ubuntu	12.10	noarch	memcached	< 1.4.14-0ubuntu1.12.10.1	UNKNOWN
ubuntu	13.04	noarch	memcached	< 1.4.14-0ubuntu1.13.04.1	UNKNOWN
ubuntu	13.10	noarch	memcached	< 1.4.14-0ubuntu4.1	UNKNOWN