CVE-2013-0179: Buffer Overflow

First published: Mon Jan 14 2013(Updated: )

Description of problem: When run with "-vv", on receipt of a binary-protocol deletion request, memcached prints out the key to be deleted in a way that can lead to a buffer overrun and crash. Version-Release number of selected component (if applicable): 1.4.4, although this currently affects all later versions. How reproducible: Run memcached with "-vv", use memrm to send deletion requests and observe output. Steps to Reproduce: 1. memcached -p 12345 -vv 2>&1 | grep '^Deleting' 2. memrm --servers localhost:12345 --binary ABCDEF xyz 3. Check the output from memcached. Actual results: [jsowden:~] $ memcached -p 2300 -m 64 -c 1024 -r -vv 2>&1 | grep 'Deleting' Deleting ABCDEF Deleting xyzDEF Expected results: [jsowden:~] $ memcached -p 2300 -m 64 -c 1024 -r -vv 2>&1 | grep 'Deleting' Deleting ABCDEF Deleting xyz Additional info: I've opened a bug report upstream: <a href="https://code.google.com/p/memcached/issues/detail?id=306">https://code.google.com/p/memcached/issues/detail?id=306</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Memcached Memcached	=1.4.4
Memcached Memcached	=1.4.5
Memcached Memcached	=1.4.6
Memcached Memcached	=1.4.7
Memcached Memcached	=1.4.8
Memcached Memcached	=1.4.9
Memcached Memcached	=1.4.10
Memcached Memcached	=1.4.11
Memcached Memcached	=1.4.12
Memcached Memcached	=1.4.13
Memcached Memcached	=1.4.14
Memcached Memcached	=1.4.15
Memcached Memcached	=1.4.16

Remedy

https://code.google.com/p/memcached/issues/detail?id=306

CVE-2013-0179: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact