VYPR
Unrated severityNVD Advisory· Published Apr 30, 2009· Updated Jun 16, 2026

CVE-2009-1255

CVE-2009-1255

Description

The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16
  • Memcached/Memcached16 versions
    cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:*range: <=1.2.0
    • cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*
    • (no CPE)range: <1.2.8

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.