Memcached < 1.4.3 No Newline Memory Consumption DoS

medium Nessus Network Monitor Plugin ID 5514

Synopsis

The remote host is vulnerable to a denial of service attack.

Description

The remote host is running memcached, a distributed memory object caching system. The installed version of memcached is earlier than 1.4.3. Such versions are potentially affected by a denial of service vulnerability: the application continues to read in new data, reallocating its input buffer until a newline character is received, which could lead to excessive memory consumption. An attacker exploiting this flaw could crash the affected service.
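The behaviour described above, contrasted with a bounded alternative, as an added example that is not memcached's code or its 1.4.3 fix: a line accumulator in C that stops growing at a fixed cap instead of reallocating until a newline arrives. `MAX_LINE`, `struct linebuf` and `lb_feed` are hypothetical names, and the cap value is an assumption chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed per-connection cap for one command line (illustrative value). */
#define MAX_LINE 2048

struct linebuf {
    char  *buf;
    size_t len;   /* bytes currently buffered */
    size_t cap;   /* bytes currently allocated */
};

enum lb_status { LB_NEED_MORE = 0, LB_LINE_READY = 1, LB_TOO_LONG = -1, LB_NOMEM = -2 };

/* Append up to n bytes from one socket read. *used reports how many bytes
 * were accepted; the buffer never grows beyond MAX_LINE. On LB_TOO_LONG the
 * caller is expected to reject the request and close the connection. */
enum lb_status lb_feed(struct linebuf *lb, const char *data, size_t n, size_t *used)
{
    size_t room = MAX_LINE - lb->len;       /* lb->len never exceeds MAX_LINE */
    size_t take = n < room ? n : room;

    *used = take;
    if (lb->len + take > lb->cap) {
        size_t ncap = lb->cap ? lb->cap : 256;
        while (ncap < lb->len + take)
            ncap *= 2;
        if (ncap > MAX_LINE)                /* growth stops at the cap */
            ncap = MAX_LINE;
        char *p = realloc(lb->buf, ncap);
        if (p == NULL)
            return LB_NOMEM;
        lb->buf = p;
        lb->cap = ncap;
    }
    if (take > 0) {
        memcpy(lb->buf + lb->len, data, take);
        lb->len += take;
    }
    if (lb->len > 0 && memchr(lb->buf, '\n', lb->len) != NULL)
        return LB_LINE_READY;
    if (lb->len >= MAX_LINE)
        return LB_TOO_LONG;                 /* no newline within the cap */
    return LB_NEED_MORE;
}
```

A caller that gets `LB_LINE_READY` with `*used` smaller than `n` must feed the remaining bytes again after consuming the line.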

Solution

Upgrade to memcached 1.4.3 or later.

See Also

http://bugs.pardus.org.tr/show_bug.cgi?id=12672

http://code.google.com/p/memcached/issues/detail?id=102

http://code.google.com/p/memcached/wiki/ReleaseNotes143

Plugin Details

Severity: Medium

ID: 5514

Family: Generic

Published: 4/20/2010

Updated: 3/6/2019

Nessus ID: 45579

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:memcachedb:memcached

Patch Publication Date: 11/7/2009

Vulnerability Publication Date: 10/28/2009

Reference Information

CVE: CVE-2010-1152

BID: 39577