CVE-2009-1494

Name of the Vulnerable Software and Affected Versions: Memcached version 1.2.8

Description: The issue allows remote attackers to obtain potentially sensitive information by sending a specific command to the daemon's TCP port. This is due to the process stat function disclosing memory-allocation statistics in response to a stats malloc command.

Recommendations: For Memcached version 1.2.8, consider restricting access to the daemon's TCP port to minimize the risk of exploitation. As a temporary workaround, avoid using the process stat function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.