Skip to main content

Memcached CVE-2013-0179

LOW
Buffer Overflow (CWE-119)
2014-01-13 secalert@redhat.com
1.8
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
1.8 LOW
AV:A/AC:H/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:A/AC:H/Au:N/C:N/I:N/A:P
Attack Vector
Adjacent
Attack Complexity
High
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Jan 13, 2014 - 21:55 cve.org
LOW 1.8

DescriptionCVE.org

The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.

AnalysisAI

The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation. Rated low severity (CVSS 1.8). Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. Affected products include: Memcached. Version information: before 1.4.17.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2016-8706 HIGH POC
8.1 Jan 06

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of

CVE-2016-8704 CRITICAL POC
9.8 Jan 06

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multipl

CVE-2016-8705 CRITICAL POC
9.8 Jan 06

Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple com

CVE-2022-26635 CRITICAL POC
9.8 Apr 05

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. R

CVE-2017-9951 HIGH POC
7.5 Jul 17

The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of ser

CVE-2020-10931 HIGH POC
7.5 Mar 24

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary pr

CVE-2019-11596 HIGH POC
7.5 Apr 29

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. Rated hi

CVE-2018-1000115 HIGH POC
7.5 Mar 05

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vuln

CVE-2023-46853 CRITICAL
9.8 Oct 27

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used inste

CVE-2026-47783 HIGH
8.1 May 20

Observable timing discrepancy in memcached prior to version 1.6.42 enables remote attackers to enumerate valid SASL auth

CVE-2023-46852 HIGH
7.5 Oct 27

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many

CVE-2019-15026 HIGH
7.5 Aug 30

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. Rated hi

Share

CVE-2013-0179 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy