Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2011-4971 — Memcached vulnerability
Severity
5.0MEDIUMNVD
EPSS
46.1%
top 2.36%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedDec 12
Latest updateApr 21
Description
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-pj3v-4mjw-vvpv: Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_a↗2022-05-14
OSV▶
CVE-2011-4971: Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_a↗2013-12-12
💥Exploits & PoCs
1📋Vendor Advisories
3📄Research Papers
2💬Community
4Bugzilla
▶