#VU11322 Memory corruption in memcached - CVE-2013-7291
Published: March 29, 2018
Vulnerability identifier: #VU11322
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-7291
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
memcached
memcached
Software vendor:
Memcached
Memcached
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to boundary error when running in verbose mode. A remote attacker can submit a specially crafted request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree", and cause the service to crash.
The weakness exists due to boundary error when running in verbose mode. A remote attacker can submit a specially crafted request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree", and cause the service to crash.
Remediation
Update to version 1.4.17.