Jeremy Sowden

#22620 of 53,634
10 CVSS total
Vulnerabilities · 1
PT-2014-1872
10
2014-01-13
Memcached · Memcached · CVE-2013-0179
**Name of the Vulnerable Software and Affected Versions**

memcached versions 1.4.4 through 1.4.17

**Description**

The issue allows remote attackers to cause a denial of service, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be triggered by a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. The `process_bin_delete` function in memcached.c is specifically affected when running in verbose mode.

**Recommendations**

For memcached versions 1.4.4 through 1.4.17, update to version 1.4.17 or later to resolve the issue. As a temporary workaround, consider disabling verbose mode to minimize the risk of exploitation. Restrict access to the `process_bin_delete` function in memcached.c to minimize the risk of disruption.