CVE-2011-4971

Priority
Low
Description
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2)
process_bin_complete_sasl_auth, (3) process_bin_update, and (4)
process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow
remote attackers to cause a denial of service (crash) via a large body
length value in a packet.
Notes
sarnold> memcached has zero security, ability to connect is already
extremely dangerous; thus low
Assigned-to
mdeslaur
Package
Upstream: released (1.4.16, 1.4.13-0.3)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.4.13-0ubuntu2.1)
Ubuntu 12.10 (Quantal Quetzal): released (1.4.14-0ubuntu1.12.10.1)
Ubuntu 13.04 (Raring Ringtail): released (1.4.14-0ubuntu1.13.04.1)
Ubuntu 13.10 (Saucy Salamander): released (1.4.14-0ubuntu4.1)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.4.14-0ubuntu9)
Patches:
Upstream: https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424

Updated: 2014-01-13 22:14:37 UTC (commit 7631)