CVE-2013-7290

Name of the Vulnerable Software and Affected Versions memcached versions prior to 1.4.17

Description The issue affects memcached, allowing remote attackers to cause problems with the confidentiality, integrity, and availability of protected information. A specific problem is in the do item get function in items.c, which, when running in verbose mode, can cause a denial of service (segmentation fault) via a request to delete a key. This happens because the key lacks a null terminator, triggering a buffer over-read when printing to stderr.

Recommendations For memcached versions prior to 1.4.17, update to version 1.4.17 or later to resolve the issue. As a temporary workaround, consider disabling verbose mode until a patch is available. Restrict access to memcached to minimize the risk of exploitation. Avoid using the delete key request in the affected memcached versions until the issue is resolved.