First published: Thu Dec 12 2013
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Php Memcached | =1.4.2 | |
Php Memcached | =1.2.7 | |
Php Memcached | =1.4.4 | |
Php Memcached | =1.4.3 | |
Php Memcached | <=1.4.5 | |
Php Memcached | =1.4.0 | |
Php Memcached | =1.2.8 | |
Php Memcached | =1.4.1 | |
CVE-2011-4971 is characterized as a denial of service vulnerability due to integer signedness errors.
To address CVE-2011-4971, upgrade Memcached to version 1.4.6 or later where the vulnerability has been patched.
CVE-2011-4971 affects Memcached versions 1.4.5 and earlier.
Yes, CVE-2011-4971 can be exploited by remote attackers to crash the Memcached server.
The functions 'process_bin_sasl_auth', 'process_bin_complete_sasl_auth', 'process_bin_update', and 'process_bin_append_prepend' are vulnerable in CVE-2011-4971.
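An added illustration of the integer signedness error class described above, not code from Memcached or from this advisory: a hypothetical, simplified request header (`req_header`, `MAX_VALUE_LEN` and both function names are assumptions) whose 32-bit body length is validated once through a signed `int` and once with unsigned, underflow-checked arithmetic.

```c
/* Added illustration: hypothetical, simplified header; not Memcached source. */
#include <stdint.h>
#include <stdio.h>

#define MAX_VALUE_LEN (1024 * 1024)   /* assumed per-item size limit */

struct req_header {      /* constructed stand-in for a binary-protocol header */
    uint16_t keylen;
    uint8_t  extlen;
    uint32_t bodylen;    /* taken from the packet, so untrusted */
};

/* Flawed pattern: the unsigned wire value ends up in a signed int.
 * A body length near 2^32 becomes negative, so the upper-bound check
 * passes. Returns the accepted value length, or -1 when rejected. */
static long value_len_signed(const struct req_header *h)
{
    int vlen = (int)(h->bodylen - (uint32_t)(h->keylen + h->extlen));
    if (vlen > MAX_VALUE_LEN)
        return -1;
    return vlen;         /* can be negative and later be used as a size */
}

/* Hardened pattern: stay unsigned, reject a body shorter than its fixed
 * parts before subtracting, then apply the upper bound. */
static long value_len_checked(const struct req_header *h)
{
    uint32_t fixed = (uint32_t)h->keylen + h->extlen;
    if (h->bodylen < fixed)
        return -1;       /* subtraction would underflow */
    uint32_t vlen = h->bodylen - fixed;
    if (vlen > (uint32_t)MAX_VALUE_LEN)
        return -1;
    return (long)vlen;
}

int main(void)
{
    struct req_header ok  = { 4, 0, 104 };          /* constructed: 100-byte value */
    struct req_header bad = { 4, 0, 0xFFFFFFF0u };  /* constructed: oversized length */
    printf("signed : ok=%ld bad=%ld\n", value_len_signed(&ok), value_len_signed(&bad));
    printf("checked: ok=%ld bad=%ld\n", value_len_checked(&ok), value_len_checked(&bad));
    return 0;
}
```

The signed variant accepts the oversized header with a negative length, which is the kind of value that crashes later allocation or copy code; the checked variant rejects it.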