CVE-2013-7239 — Improper Authentication in Memcached

CWE-287 — Improper Authentication7 documents7 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 46.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Memcached Debian Memcached

Timeline

PublishedJan 13

Latest updateMay 14

Description

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.

CVSS vector

AV:A/AC:L/C:P/I:P/A:NExploitability: 6.5 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/memcached< memcached 1.4.13-0.3 (bookworm)

▶Debianmemcached/memcached< 1.4.13-0.3+3

▶NVDmemcached/memcached1.4.16+16

Patches

Patch: code.google.com ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5qw-pp2p-cvpr: memcached before 1↗2022-05-14

▶

OSV

CVE-2013-7239: memcached before 1↗2014-01-13

▶

📋Vendor Advisories

Ubuntu

Memcached vulnerabilities↗2014-01-13

▶

Red Hat

memcached: SASL authentication allows wrong credentials to access memcache↗2013-04-19

▶

Debian

CVE-2013-7239: memcached - memcached before 1.4.17 allows remote attackers to bypass authentication by send...↗2013

▶

💬Community

Bugzilla

CVE-2013-7239 memcached: SASL authentication allows wrong credentials to access memcache↗2013-12-30

▶