Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-4971

Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.

Related bugs and status

CVE-2011-4971 (Candidate) is related to these bugs:

Bug #1255328: Installing memcached package creates /nonexistent

Summary				In	Importance	Status
	1255328	Installing memcached package creates /nonexistent		memcached (Ubuntu)	Medium	Fix Released

Bug #1462747: Please merge with latest upstream from Debian

Summary				In	Importance	Status
	1462747	Please merge with latest upstream from Debian		memcached (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://insecurety.net/...
MISC: https://code.google.co...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.debian.org/...
MISC: http://www.mandriva.co...
MISC: http://www.ubuntu.com/...
MISC: https://puppet.com/sec...