memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Memcachedb
  • Memcached

Configuration 1 [-]

OR cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.4.1:*:*:*:*:*:*:*
References
Link Resource
http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached
http://code.google.com/p/memcached/issues/detail?id=102 Exploit
http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9 Patch
http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719 Patch
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://marc.info/?l=oss-security&m=127074597129559&w=2 Patch
http://marc.info/?l=oss-security&m=127075341110616&w=2 Patch
http://marc.info/?l=oss-security&m=127075808518733&w=2 Patch
http://secunia.com/advisories/39306 Vendor Advisory
http://securitytracker.com/id?1023839
http://www.vupen.com/english/advisories/2011/0442
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2010-04-12T18:00:00

Updated: 2010-04-15T09:00:00

Reserved: 2010-03-29T00:00:00

Link: CVE-2010-1152

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-04-12T18:30:00.837

Modified: 2023-11-07T02:05:16.160

Link: CVE-2010-1152

JSON object: View

cve-icon Redhat Information

No data.

CWE