#VU11322 Memory corruption in memcached
Vulnerability identifier: #VU11322
Vulnerability risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
memcached
Server applications /
Web servers
Vendor: Memcached
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to boundary error when running in verbose mode. A remote attacker can submit a specially crafted request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree", and cause the service to crash.
Mitigation
Update to version 1.4.17.
Vulnerable software versions
memcached: 1.4.0 - 1.4.16
External links
http://code.google.com/archive/p/memcached/issues/306
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
