PT-2014-1872 · Memcached+1 · Memcached+1

Jeremy Sowden · Published 2014-01-13 · Updated 2024-06-15 · CVE-2013-0179

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

memcached versions 1.4.4 through 1.4.17

Description

The issue allows remote attackers to cause a denial of service, potentially leading to disruption of confidentiality, integrity, and availability of protected information. It can be triggered by a request to delete a key: the handler does not account for the lack of a null terminator in the key, which triggers a buffer over-read when the key is printed to stderr. The process_bin_delete function in memcached.c is specifically affected when memcached is running in verbose mode.

Recommendations

For memcached versions 1.4.4 through 1.4.17, update to version 1.4.17 or later to resolve the issue. As a temporary workaround, consider disabling verbose mode to minimize the risk of exploitation. Restrict access to the process_bin_delete function in memcached.c to minimize the risk of disruption.
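
The over-read in the description comes from printing a length-delimited key with a format that expects a NUL terminator. The C code below is an added example, not memcached's source or the upstream patch, showing that pattern beside a length-bounded logging routine; the function names, buffer sizes and sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Pattern from the description (illustrative, not memcached source): the
 * key arrives as pointer + length with no NUL terminator, so "%s" keeps
 * reading past the key until it meets a zero byte. Never called here. */
void log_delete_unsafe(FILE *out, const char *key)
{
    fprintf(out, "Deleting %s\n", key);
}

/* Hardened form: copy exactly nkey bytes into dst, replacing non-printable
 * bytes so a key cannot inject control characters into the log.
 * Returns bytes written (excluding the NUL), or -1 if dst is too small. */
int format_delete_log(char *dst, size_t dstlen, const char *key, size_t nkey)
{
    static const char prefix[] = "Deleting ";
    const size_t plen = sizeof(prefix) - 1;

    if (dst == NULL || key == NULL)
        return -1;
    /* Need room for prefix + key + '\n' + NUL; written to avoid size_t wrap. */
    if (dstlen < plen + 2 || nkey > dstlen - plen - 2)
        return -1;

    memcpy(dst, prefix, plen);
    for (size_t i = 0; i < nkey; i++) {
        unsigned char c = (unsigned char)key[i];
        dst[plen + i] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
    }
    dst[plen + nkey] = '\n';
    dst[plen + nkey + 1] = '\0';
    return (int)(plen + nkey + 1);
}

int main(void)
{
    /* Constructed sample: a 5-byte key followed directly by unrelated bytes. */
    const char packet[] = "alphaADJACENT-DATA";
    char line[64];

    if (format_delete_log(line, sizeof line, packet, 5) > 0)
        fputs(line, stderr);   /* only the 5 key bytes are logged */
    return 0;
}
```

Where a formatted write is preferred over a manual copy, a precision-bounded conversion such as "%.*s" with the key length gives the same bound on how many bytes are read.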

Exploit · Fix · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2016-2235
BDU:2015-09681
CVE-2013-0179
MGASA-2014-0018
OPENSUSE-SU-2024:10021-1
SUSE-SU-2018:0778-1
SUSE-SU-2018:0807-1

Affected Products

Alt Linux
Memcached