CVE-2013-0179

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-0179
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.

1.8 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:H/Au:N/C:N/I:N/A:P

Exploitability : 3.2 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/56183 Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/01/14/4
http://www.openwall.com/lists/oss-security/2013/01/14/6
http://www.securityfocus.com/bid/64978
http://www.ubuntu.com/usn/USN-2080-1
https://bugzilla.redhat.com/show_bug.cgi?id=895054
https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096
https://code.google.com/p/memcached/issues/detail?id=306 Exploit Patch
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
http://secunia.com/advisories/56183 Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/01/14/4
http://www.openwall.com/lists/oss-security/2013/01/14/6
http://www.securityfocus.com/bid/64978
http://www.ubuntu.com/usn/USN-2080-1
https://bugzilla.redhat.com/show_bug.cgi?id=895054
https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096
https://code.google.com/p/memcached/issues/detail?id=306 Exploit Patch
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:memcached:memcached:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:memcached:memcached:1.4.16:*:*:*:*:*:*:*
History

21 Nov 2024, 01:47

Type Values Removed Values Added
References () http://secunia.com/advisories/56183 - Vendor Advisory () http://secunia.com/advisories/56183 - Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2013/01/14/4 - () http://www.openwall.com/lists/oss-security/2013/01/14/4 -
References () http://www.openwall.com/lists/oss-security/2013/01/14/6 - () http://www.openwall.com/lists/oss-security/2013/01/14/6 -
References () http://www.securityfocus.com/bid/64978 - () http://www.securityfocus.com/bid/64978 -
References () http://www.ubuntu.com/usn/USN-2080-1 - () http://www.ubuntu.com/usn/USN-2080-1 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=895054 - () https://bugzilla.redhat.com/show_bug.cgi?id=895054 -
References () https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096 - () https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096 -
References () https://code.google.com/p/memcached/issues/detail?id=306 - Exploit, Patch () https://code.google.com/p/memcached/issues/detail?id=306 - Exploit, Patch
References () https://code.google.com/p/memcached/wiki/ReleaseNotes1417 - () https://code.google.com/p/memcached/wiki/ReleaseNotes1417 -
Information

Published : 2014-01-13 21:55

Updated : 2024-11-21 01:47

NVD link : CVE-2013-0179

Mitre link : CVE-2013-0179

CVE.ORG link : CVE-2013-0179

JSON object : View

Products Affected

memcached

  • memcached
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024