Veracode Vulnerability Database: VERACODE:25290
History: May 10, 2020 - 11:24 p.m.

Denial Of Service (DoS)

2020-05-10 23:24:29
sca.analysiscenter.veracode.com
Tags: memcached, vulnerability, denial of service, signed, unsigned, comparison, segmentation fault, heap-based buffer over-read, incomplete fix

EPSS: 0.867
Percentile: 98.6%

memcached is vulnerable to denial of service (DoS). The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key. The request leads to a comparison between a signed and an unsigned int, which triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
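
The bug class named above (a length check that compares a signed int with an unsigned int), shown as an added example; this is not memcached's code, and the field names body_len, extras_len and key_len and both function names are hypothetical. It puts a flawed bounds check beside a hardened one so the difference can be tested.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed request fields for this example (hypothetical, not memcached's):
 *   body_len   = bytes the client says follow the header
 *   extras_len = fixed-size fields that precede the key inside the body
 *   key_len    = bytes of key the server will read after the extras */

/* Flawed check: 'room' is a signed int and goes negative when
 * extras_len > body_len. In 'key_len > room' the int is converted to
 * unsigned, so with a 32-bit int -6 becomes 4294967290 and every
 * key_len is accepted. gcc and clang flag this with -Wsign-compare. */
bool key_fits_flawed(int body_len, int extras_len, uint32_t key_len)
{
    int room = body_len - extras_len;
    if (key_len > room)
        return false;
    return true;
}

/* Hardened check: all lengths share one unsigned type, and the
 * subtraction only happens after proving it cannot wrap. */
bool key_fits_checked(uint32_t body_len, uint32_t extras_len, uint32_t key_len)
{
    if (extras_len > body_len)
        return false;
    return key_len <= body_len - extras_len;
}

int main(void)
{
    /* Constructed inputs: a 2-byte body cannot hold 8 bytes of extras
     * plus a 200-byte key, yet the flawed check accepts it. */
    printf("inconsistent lengths: flawed=%d checked=%d\n",
           key_fits_flawed(2, 8, 200), key_fits_checked(2, 8, 200));
    printf("consistent lengths:   flawed=%d checked=%d\n",
           key_fits_flawed(300, 8, 200), key_fits_checked(300, 8, 200));
    return 0;
}
```

A caller that trusts the flawed result and then reads key_len bytes from a buffer sized by body_len reads past the end of that buffer, which is the over-read pattern the description refers to.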