CVE-2009-1494

The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
memcachedbmemcached
1.2.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
memcached
bookworm
1.6.18-1
fixed
bullseye
1.6.9+dfsg-1
fixed
etch
not-affected
lenny
not-affected
sid
1.6.32-2
fixed
trixie
1.6.32-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
memcached
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
memcached
suse enterprise sap 15
1.5.6-2.10
fixed
suse enterprise sap 15 SP1
1.5.6-2.10
fixed
suse enterprise server 15
1.5.6-2.10
fixed
suse enterprise server 15 SP1
1.5.6-2.10
fixed
memcached-devel
suse enterprise sap 15
1.5.6-2.10
fixed
suse enterprise sap 15 SP1
1.5.6-2.10
fixed
suse enterprise server 15
1.5.6-2.10
fixed
suse enterprise server 15 SP1
1.5.6-2.10
fixed
Common Weakness Enumeration
References
http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
http://code.google.com/p/memcachedb/source/detail?r=98
http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c
http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz
https://exchange.xforce.ibmcloud.com/vulnerabilities/50444
http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98
http://code.google.com/p/memcachedb/source/detail?r=98
http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c
http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e
http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz
https://exchange.xforce.ibmcloud.com/vulnerabilities/50444