CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:N/I:N/A:P
EPSS
Percentile
87.4%
The process_bin_delete function in memcached.c in memcached 1.4.4 and other
versions before 1.4.17, when running in verbose mode, allows remote
attackers to cause a denial of service (segmentation fault) via a request
to delete a key, which does not account for the lack of a null terminator
in the key and triggers a buffer over-read when printing to stderr.
Author | Note |
---|---|
jdstrand | requires ‘-vv’ with is non-default |
mdeslaur | The second commit in the bug report was split out into two additional CVEs, CVE-2013-7290 and CVE-2013-7291. |