CVE-2009-2415 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Memcached

CWE-1896 documents6 sources

Severity

10.0CRITICALNVD

EPSS

12.1%

top 6.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Memcached Debian Memcached Memcachedb Memcached

Timeline

PublishedAug 10

Latest updateMay 2

Description

Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/memcached< memcached 1.4.1-1 (bookworm)

▶Debianmemcached/memcached< 1.4.1-1+3

▶NVDmemcachedb/memcached1.1.12, 1.2.2+1

🔴Vulnerability Details

GHSA

GHSA-4r9m-gmj4-v54c: Multiple integer overflows in memcached 1↗2022-05-02

▶

OSV

CVE-2009-2415: Multiple integer overflows in memcached 1↗2009-08-10

▶

📋Vendor Advisories

Debian

CVE-2009-2415: memcached - Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers ...↗2009

▶

Red Hat

memcached: heap-based buffer overflow↗

▶

💬Community

Bugzilla

CVE-2009-2415 memcached: heap-based buffer overflow↗2009-08-10

▶