CVE-2011-4971
Published: 12 December 2013
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
Notes
| Author | Note |
|---|---|
| seth-arnold | memcached has zero security, ability to connect is already extremely dangerous; thus low |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
memcached Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Released
(1.4.13-0ubuntu2.1)
|
|
| quantal |
Released
(1.4.14-0ubuntu1.12.10.1)
|
|
| raring |
Released
(1.4.14-0ubuntu1.13.04.1)
|
|
| saucy |
Released
(1.4.14-0ubuntu4.1)
|
|
| upstream |
Released
(1.4.16,1.4.13-0.3)
|
|
|
Patches: upstream: https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424 |
||