CVE-2009-1494 — Sensitive Information Exposure in Memcached

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 33.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Memcached Debian Memcached Memcachedb Memcached

Timeline

PublishedApr 30

Latest updateMay 2

Description

The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/memcached< memcached 1.2.8-1 (bookworm)

▶Debianmemcached/memcached< 1.2.8-1+3

▶NVDmemcachedb/memcached1.2.8

Patches

Patch: code.google.com ↗Patch: code.google.com ↗Patch: groups.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-57m3-vpr5-77vh: The process_stat function in Memcached 1↗2022-05-02

▶

OSV

CVE-2009-1494: The process_stat function in Memcached 1↗2009-04-30

▶

📋Vendor Advisories

Red Hat

memcached: multiple vulnerabilities↗2009-04-28

▶

Debian

CVE-2009-1494: memcached - The process_stat function in Memcached 1.2.8 discloses memory-allocation statist...↗2009

▶

💬Community

Bugzilla

CVE-2009-1255, CVE-2009-1494 memcached: multiple vulnerabilities↗2009-04-29

▶