Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-0179

The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.

Related bugs and status

CVE-2013-0179 (Candidate) is related to these bugs:

Bug #1255328: Installing memcached package creates /nonexistent

Summary				In	Importance	Status
	1255328	Installing memcached package creates /nonexistent		memcached (Ubuntu)	Medium	Fix Released

Bug #1462747: Please merge with latest upstream from Debian

Summary				In	Importance	Status
	1462747	Please merge with latest upstream from Debian		memcached (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.ubuntu.com/...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: https://bugzilla.redha...
MISC: https://code.google.co...
MISC: https://code.google.co...
MISC: https://code.google.co...