CVE-2011-4971
Memcached Remote Denial of Service
Public Exploits: 3
Exploited in Wild: -
Descriptions
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service. Jeremy Sowden discovered that Memcached incorrectly handled logging certain details when the -vv option was used. An attacker could use this issue to cause Memcached to crash, resulting in a denial of service. It was discovered that Memcached incorrectly handled SASL authentication. A remote attacker could use this issue to bypass SASL authentication completely. This issue only affected Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10. Various other issues were also addressed.
SSVC
- Decision:-
Timeline
- 2011-12-23 CVE Reserved
- 2013-11-22 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-05-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
References (9)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/56183 | Third Party Advisory | |
http://www.securityfocus.com/bid/59567 | Vdb Entry | |
https://puppet.com/security/cve/cve-2011-4971 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/180545 | 2024-08-31 | |
http://insecurety.net/?p=872 | 2024-08-07 | |
https://code.google.com/p/memcached/issues/detail?id=192 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2014/dsa-2832 | 2018-03-25 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:280 | 2018-03-25 | |
http://www.ubuntu.com/usn/USN-2080-1 | 2018-03-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Memcached | Memcached | <= 1.4.5 | - | Affected |
Memcached | Memcached | 1.2.7 | - | Affected |
Memcached | Memcached | 1.2.8 | - | Affected |
Memcached | Memcached | 1.4.0 | - | Affected |
Memcached | Memcached | 1.4.1 | - | Affected |
Memcached | Memcached | 1.4.2 | - | Affected |
Memcached | Memcached | 1.4.3 | - | Affected |
Memcached | Memcached | 1.4.4 | - | Affected |