CVE-2011-4971

Name of the Vulnerable Software and Affected Versions Memcached versions 1.4.5 and earlier Memcached versions prior to 1.4.17

Description The issue involves multiple integer signedness errors in certain functions, including process bin sasl auth, process bin complete sasl auth, process bin update, and process bin append prepend. These errors can be exploited by remote attackers to cause a denial of service, specifically a crash, by sending a packet with a large body length value. Additionally, the vulnerabilities may lead to breaches of confidentiality, integrity, and availability of protected information.

Recommendations For Memcached versions 1.4.5 and earlier, consider updating to a version later than 1.4.17 to resolve the issue. For Memcached versions prior to 1.4.17, update to version 1.4.17 or later to fix the vulnerabilities. As a temporary workaround, consider restricting access to the process bin sasl auth, process bin complete sasl auth, process bin update, and process bin append prepend functions until a patch is available.