Memory corruption in memcached (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2013-7291 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
memcached (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Memory corruption
EUVDB-ID: #VU11322
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2013-7291
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to boundary error when running in verbose mode. A remote attacker can submit a specially crafted request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree", and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsmemcached (Alpine package): 1.4.13-r0 - 1.4.15-r4
CPE2.3- cpe:2.3:a:alpine:memcached_alpine_package:1.4.13-r0:*:*:*:*:alpine_linux:*:2.4
- cpe:2.3:a:alpine:memcached_alpine_package:1.4.15-r0:*:*:*:*:alpine_linux:*:2.4
- cpe:2.3:a:alpine:memcached_alpine_package:1.4.15-r1:*:*:*:*:alpine_linux:*:2.4
https://git.alpinelinux.org/aports/commit/?id=01c5af01dadb92ad64c468444fcd4b58e00ccdc9
https://git.alpinelinux.org/aports/commit/?id=4f87afbb1812c23f84b54f5cebde5a4d1e0f1aae
https://git.alpinelinux.org/aports/commit/?id=d7b6f5f04e26c72962a98d8287cea33d4d63fa6c
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
