PublicDateAtUSN: 2013-01-15
Candidate: CVE-2013-0179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179
https://usn.ubuntu.com/usn/usn-2080-1
The process_bin_delete function in memcached.c in memcached 1.4.4 and other
versions before 1.4.17, when running in verbose mode, allows remote
attackers to cause a denial of service (segmentation fault) via a request
to delete a key, which does not account for the lack of a null terminator
in the key and triggers a buffer over-read when printing to stderr.
jdstrand> requires '-vv' which is non-default
mdeslaur> The second commit in the bug report was split out into two
mdeslaur> additional CVEs, CVE-2013-7290 and CVE-2013-7291.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698231
https://code.google.com/p/memcached/issues/detail?id=306
https://bugzilla.redhat.com/show_bug.cgi?id=895054
Discovered-by: Jeremy Sowden
upstream: https://github.com/memcached/memcached/commit/0f605245cf3f37c2efe4e225237ad17256ea2a34
upstream: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
upstream_memcached: needs-triage
hardy_memcached: ignored (reached end-of-life)
lucid_memcached: ignored (reached end-of-life)
oneiric_memcached: ignored (reached end-of-life)
precise_memcached: released (1.4.13-0ubuntu2.1)
quantal_memcached: released (1.4.14-0ubuntu1.12.10.1)
raring_memcached: released (1.4.14-0ubuntu1.13.04.1)
saucy_memcached: released (1.4.14-0ubuntu4.1)
devel_memcached: released (1.4.14-0ubuntu9)