CVE-2010-1152

memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.
References
Link Resource
http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached
http://code.google.com/p/memcached/issues/detail?id=102 Exploit
http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9 Patch
http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719 Patch
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://marc.info/?l=oss-security&m=127074597129559&w=2 Patch
http://marc.info/?l=oss-security&m=127075341110616&w=2 Patch
http://marc.info/?l=oss-security&m=127075808518733&w=2 Patch
http://secunia.com/advisories/39306 Vendor Advisory
http://securitytracker.com/id?1023839
http://www.vupen.com/english/advisories/2011/0442
http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached
http://code.google.com/p/memcached/issues/detail?id=102 Exploit
http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9 Patch
http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719 Patch
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://marc.info/?l=oss-security&m=127074597129559&w=2 Patch
http://marc.info/?l=oss-security&m=127075341110616&w=2 Patch
http://marc.info/?l=oss-security&m=127075808518733&w=2 Patch
http://secunia.com/advisories/39306 Vendor Advisory
http://securitytracker.com/id?1023839
http://www.vupen.com/english/advisories/2011/0442
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:memcachedb:memcached:1.4.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:13

Type Values Removed Values Added
References () http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached - () http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached -
References () http://code.google.com/p/memcached/issues/detail?id=102 - Exploit () http://code.google.com/p/memcached/issues/detail?id=102 - Exploit
References () http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9 - Patch () http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9 - Patch
References () http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719 - Patch () http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719 - Patch
References () http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html -
References () http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html -
References () http://marc.info/?l=oss-security&m=127074597129559&w=2 - Patch () http://marc.info/?l=oss-security&m=127074597129559&w=2 - Patch
References () http://marc.info/?l=oss-security&m=127075341110616&w=2 - Patch () http://marc.info/?l=oss-security&m=127075341110616&w=2 - Patch
References () http://marc.info/?l=oss-security&m=127075808518733&w=2 - Patch () http://marc.info/?l=oss-security&m=127075808518733&w=2 - Patch
References () http://secunia.com/advisories/39306 - Vendor Advisory () http://secunia.com/advisories/39306 - Vendor Advisory
References () http://securitytracker.com/id?1023839 - () http://securitytracker.com/id?1023839 -
References () http://www.vupen.com/english/advisories/2011/0442 - () http://www.vupen.com/english/advisories/2011/0442 -

Information

Published : 2010-04-12 18:30

Updated : 2024-11-21 01:13


NVD link : CVE-2010-1152

Mitre link : CVE-2010-1152

CVE.ORG link : CVE-2010-1152


JSON object : View

Products Affected

memcachedb

  • memcached
CWE
CWE-20

Improper Input Validation