Page 3 of 18 results (0.014 seconds)

CVSS: 1.8EPSS: 0%CPEs: 13EXPL: 1

The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179. La función do_item_get en items.c de memcached 1.4.4 y otras versiones anteriores a 1.4.17, cuando se ejecutan en modo verboso, permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de una petición para eliminar una clave, que no cuenta la falta de un terminador nulo en la clave y desencadena una sobre-lectura de búfer cuando se imprime hacia stderr, una vulnerabilidad diferente a CVE-2013-0179. • http://www.securityfocus.com/bid/64988 https://code.google.com/p/memcached/issues/detail?id=306 https://code.google.com/p/memcached/wiki/ReleaseNotes1417 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 1.8EPSS: 1%CPEs: 13EXPL: 1

The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. La función process_bin_delete en memcached.c de memcached 1.4.4 y otras versiones anteriores a 1.4.17, cuando se ejecutan en modo verboso, permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de una petición que elimina una clave, que no tiene en cuenta la falta de un terminador nulo en la clave y desencadena una sobre-lectura de búfer cuando se imprime hacia stderr. • http://secunia.com/advisories/56183 http://www.openwall.com/lists/oss-security/2013/01/14/4 http://www.openwall.com/lists/oss-security/2013/01/14/6 http://www.securityfocus.com/bid/64978 http://www.ubuntu.com/usn/USN-2080-1 https://bugzilla.redhat.com/show_bug.cgi?id=895054 https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch&token=3GEzHThBL5cxmUrsYANkW03RrNY%3A1358179503096 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.8EPSS: 1%CPEs: 17EXPL: 0

memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. memcached anterior 1.4.17 permite a atacantes remotos evadir la autenticación mediante el envío de una petición inválida con credenciales SASL, luego enviar otra petición con credenciales SASL incorrectas. • http://seclists.org/oss-sec/2013/q4/572 http://secunia.com/advisories/56183 http://www.debian.org/security/2014/dsa-2832 http://www.securityfocus.com/bid/64559 http://www.ubuntu.com/usn/USN-2080-1 https://code.google.com/p/memcached/wiki/ReleaseNotes1417 • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 7%CPEs: 8EXPL: 2

Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. Múltiples errores de signo de enteros en funciones (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend de Memcached 1.4.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un gran valor de longitud de cuerpo en un paquete. • http://insecurety.net/?p=872 http://secunia.com/advisories/56183 http://www.debian.org/security/2014/dsa-2832 http://www.mandriva.com/security/advisories?name=MDVSA-2013:280 http://www.securityfocus.com/bid/59567 http://www.ubuntu.com/usn/USN-2080-1 https://code.google.com/p/memcached/issues/detail?id=192 https://puppet.com/security/cve/cve-2011-4971 • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 10%CPEs: 21EXPL: 2

memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information. memcached.c en memcached anterior a v1.4.3 permite a atacantes remotos provocar una denegación de servicio (fallo o bloqueo del demonio) a través de una línea larga que dispara la asignación de memoria excesiva. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • https://www.exploit-db.com/exploits/33850 http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached http://code.google.com/p/memcached/issues/detail?id=102 http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9 http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://marc.info/?l= • CWE-20: Improper Input Validation •