CVE-2009-2415

EUVD-2009-2411
Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
memcachedbmemcached
1.1.12
memcachedbmemcached
1.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
memcached
bookworm
1.6.18-1
fixed
bullseye
1.6.9+dfsg-1
fixed
sid
1.6.32-2
fixed
trixie
1.6.32-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
memcached
dapper
Fixed 1.1.12-1+etch1build0.6.06.1
released
hardy
Fixed 1.2.2-1+lenny1build0.8.04.1
released
intrepid
Fixed 1.2.2-1+lenny1build0.8.10.1
released
jaunty
Fixed 1.2.2-1+lenny1build0.9.04.1
released
Common Weakness Enumeration
References
http://osvdb.org/56906
http://secunia.com/advisories/36133
http://secunia.com/advisories/37729
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz
http://www.debian.org/security/2009/dsa-1853
http://www.securityfocus.com/bid/35989
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00836.html
http://osvdb.org/56906
http://secunia.com/advisories/36133
http://secunia.com/advisories/37729
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz
http://www.debian.org/security/2009/dsa-1853
http://www.securityfocus.com/bid/35989
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00836.html