Memcached
CVE-2013-0179
LOW
Severity by source
AV:A/AC:H/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:A/AC:H/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.
AnalysisAI
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation. Rated low severity (CVSS 1.8). Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. Affected products include: Memcached. Version information: before 1.4.17.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multipl
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple com
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. R
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of ser
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary pr
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. Rated hi
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vuln
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used inste
Observable timing discrepancy in memcached prior to version 1.6.42 enables remote attackers to enumerate valid SASL auth
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Rated hi
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today