CVE-2013-7290 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Memcached

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents6 sources

Severity

1.8LOWNVD

EPSS

0.2%

top 56.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Memcached Debian Memcached

Timeline

PublishedJan 13

Latest updateMay 14

Description

The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.

CVSS vector

AV:A/AC:H/C:N/I:N/A:PExploitability: 3.2 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/memcached< memcached 1.4.13-0.2 (bookworm)+1

▶Debianmemcached/memcached< 1.4.20-1+7

▶NVDmemcached/memcached1.4.16+17

Patches

Patch: code.google.com ↗Patch: code.google.com ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-73g2-74h6-466w: The do_item_get function in items↗2022-05-14

▶

GHSA

GHSA-837m-gcpw-m94w: memcached before 1↗2022-05-14

▶

OSV

CVE-2013-7291: memcached before 1↗2014-01-13

▶

OSV

CVE-2013-7290: The do_item_get function in items↗2014-01-13

▶

📋Vendor Advisories

Red Hat

memcached: remote DoS (crash) via a request that triggers "unbounded key print"↗2013-01-08

▶

Red Hat

memcached: remote DoS (segmentation fault) via a request to delete a key↗2013-01-08

▶

Debian

CVE-2013-7290: memcached - The do_item_get function in items.c in memcached 1.4.4 and other versions before...↗2013

▶

Debian

CVE-2013-7291: memcached - memcached before 1.4.17, when running in verbose mode, allows remote attackers t...↗2013

▶

💬Community

Bugzilla

CVE-2013-7290 memcached: remote DoS (segmentation fault) via a request to delete a key↗2014-01-14

▶

Bugzilla

CVE-2013-7291 memcached: remote DoS (crash) via a request that triggers "unbounded key print"↗2014-01-14

▶

Bugzilla

CVE-2013-7291 CVE-2013-7290 memcached: various flaws [epel-5]↗2014-01-14

▶

Bugzilla

CVE-2013-7291 CVE-2013-7290 memcached: various flaws [fedora-all]↗2014-01-14

▶