CVE-2013-7291 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Memcached

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

1.8LOWNVD

EPSS

0.2%

top 56.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Memcached Debian Memcached

Timeline

PublishedJan 13

Latest updateMay 14

Description

memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290.

CVSS vector

AV:A/AC:H/C:N/I:N/A:PExploitability: 3.2 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/memcached< memcached 1.4.20-1 (bookworm)

▶Debianmemcached/memcached< 1.4.20-1+3

▶NVDmemcached/memcached1.4.16+16

Patches

Patch: code.google.com ↗Patch: code.google.com ↗Patch: code.google.com ↗

🔴Vulnerability Details

GHSA

GHSA-837m-gcpw-m94w: memcached before 1↗2022-05-14

▶

OSV

CVE-2013-7291: memcached before 1↗2014-01-13

▶

📋Vendor Advisories

Red Hat

memcached: remote DoS (crash) via a request that triggers "unbounded key print"↗2013-01-08

▶

Debian

CVE-2013-7291: memcached - memcached before 1.4.17, when running in verbose mode, allows remote attackers t...↗2013

▶

💬Community

Bugzilla

CVE-2013-7291 memcached: remote DoS (crash) via a request that triggers "unbounded key print"↗2014-01-14

▶

Bugzilla

CVE-2013-7291 CVE-2013-7290 memcached: various flaws [epel-5]↗2014-01-14

▶

Bugzilla

CVE-2013-7291 CVE-2013-7290 memcached: various flaws [fedora-all]↗2014-01-14

▶