CVE-2013-7290

The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
1.8 UNKNOWN
ADJACENT_NETWORK
HIGH
AV:A/AC:H/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
memcachedmemcached
1.4.4
memcachedmemcached
1.4.5
memcachedmemcached
1.4.6
memcachedmemcached
1.4.7
memcachedmemcached
1.4.8
memcachedmemcached
1.4.9
memcachedmemcached
1.4.10
memcachedmemcached
1.4.11
memcachedmemcached
1.4.12
memcachedmemcached
1.4.13
memcachedmemcached
1.4.14
memcachedmemcached
1.4.15
memcachedmemcached
1.4.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
memcached
bookworm
1.6.18-1
fixed
bullseye
1.6.9+dfsg-1
fixed
sid
1.6.32-2
fixed
trixie
1.6.32-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
memcached
lucid
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/64988
https://code.google.com/p/memcached/issues/detail?id=306
https://code.google.com/p/memcached/wiki/ReleaseNotes1417
http://www.securityfocus.com/bid/64988
https://code.google.com/p/memcached/issues/detail?id=306
https://code.google.com/p/memcached/wiki/ReleaseNotes1417