CVE-2013-0179

Publication date 15 January 2013

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.

Read the notes from the security team

Status

Package Ubuntu Release Status
memcached 13.10 saucy
Fixed 1.4.14-0ubuntu4.1
13.04 raring
Fixed 1.4.14-0ubuntu1.13.04.1
12.10 quantal
Fixed 1.4.14-0ubuntu1.12.10.1
12.04 LTS precise
Fixed 1.4.13-0ubuntu2.1
11.10 oneiric Ignored end of life
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Ignored end of life

Notes

jdstrand

requires '-vv' with is non-default

mdeslaur

The second commit in the bug report was split out into two additional CVEs, CVE-2013-7290 and CVE-2013-7291.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
memcached

References

Related Ubuntu Security Notices (USN)

    • USN-2080-1
    • Memcached vulnerabilities
    • 13 January 2014

Other references