VYPR
Unrated severity · NVD Advisory · Published Jun 8, 2010 · Updated Apr 29, 2026

CVE-2010-2060

Description

The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c.
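
The flaw described above, as an added example that is not beanstalkd's code: a simplified C model of a line-based dispatcher, run over the byte stream from the patch's too-big test, with and without discarding the oversized body. The function name `dispatch_stream`, the `discard_body` switch and the reply handling are assumptions of this model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define JOB_DATA_SIZE_LIMIT 10UL  /* same limit as the test's '-z 10' */
/* Constructed input: the 11-byte "body" is itself a valid command line. */
#define SAMPLE "put 0 0 0 11\r\ndelete 9999\r\nquit\r\n"

/* Simplified, hypothetical model of a line-based dispatcher (not beanstalkd's
 * code). Appends replies to out and returns how many lines were dispatched as
 * commands. discard_body != 0 models the fix: drop body_size + 2 bytes. */
int dispatch_stream(const char *in, int discard_body, char *out, size_t outsz)
{
    size_t len = strlen(in), pos = 0;
    int dispatched = 0;

    out[0] = '\0';
    while (pos < len) {
        const char *line = in + pos, *eol = strstr(line, "\r\n");
        if (!eol) break;                      /* incomplete command line */
        size_t n = (size_t)(eol - line), sp = n;
        const char *msg = "UNKNOWN_COMMAND\r\n";
        pos += n + 2;
        dispatched++;
        if (n == 4 && !strncmp(line, "quit", 4)) break;
        if (n > 4 && !strncmp(line, "put ", 4)) {
            while (sp && line[sp - 1] != ' ') sp--;   /* last field: <bytes> */
            unsigned long body_size = strtoul(line + sp, NULL, 10);
            int too_big = body_size > JOB_DATA_SIZE_LIMIT;
            /* Without the discard, a too-big body is parsed as commands. */
            if (!too_big || discard_body)
                pos = body_size >= len - pos ? len : pos + body_size + 2;
            msg = too_big ? "JOB_TOO_BIG\r\n" : "INSERTED 1\r\n";
        } else if (n > 7 && !strncmp(line, "delete ", 7)) {
            msg = "NOT_FOUND\r\n";            /* the model stores no jobs */
        }
        strncat(out, msg, outsz - strlen(out) - 1);
    }
    return dispatched;
}

int main(void)
{
    char out[128];
    for (int fix = 0; fix <= 1; fix++) {
        int n = dispatch_stream(SAMPLE, fix, out, sizeof out);
        printf("discard_body=%d dispatched=%d\n%s", fix, n, out);
    }
    return 0;
}
```

With `discard_body` set, the only reply is `JOB_TOO_BIG`, which matches the patch's too-big.expected file.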

Affected products

  • Wildbit/Beanstalkd: 16 versions
    • cpe:2.3:a:wildbit:beanstalkd:*:*:*:*:*:*:*:* (range: <=1.4.5)
    • cpe:2.3:a:wildbit:beanstalkd:0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:0.5:-:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:wildbit:beanstalkd:1.4.4:*:*:*:*:*:*:*

Patches

2e8e8c6387ec

Discard job body bytes if the job is too big.

https://github.com/kr/beanstalkd · Keith Rarick · May 23, 2010 · via osv
4 files changed · +7 −2
  • check-one.sh · +1 −1 · modified
    @@ -34,7 +34,7 @@ if [ ! -x ./beanstalkd ]; then
       exit 2
     fi
     
    -start_beanstalkd
    +start_beanstalkd '' '-z 10'
     
     # Run the test
     fgrep -v "#" $commands | $nc $server $port > "$tmpf"
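Review bot: `start_beanstalkd '' '-z 10'` applies the `-z 10` option to every test that check-one.sh runs, not only the too-big case, and the empty first argument gives no hint of what it stands for. A short comment above the call naming the positional parameter that is left empty and explaining why 10 was chosen would help, and any existing test that puts a body longer than 10 bytes should be checked against the new setting.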
    
  • prot.c · +2 −1 · modified
    @@ -1196,7 +1196,8 @@ dispatch_cmd(conn c)
             if (errno) return reply_msg(c, MSG_BAD_FORMAT);
     
             if (body_size > job_data_size_limit) {
    -            return reply_msg(c, MSG_JOB_TOO_BIG);
    +            /* throw away the job body and respond with JOB_TOO_BIG */
    +            return skip(c, body_size + 2, MSG_JOB_TOO_BIG);
             }
     
             /* don't allow trailing garbage */
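Review bot: in `skip(c, body_size + 2, MSG_JOB_TOO_BIG)` the only bound on body_size visible before the addition is the errno check, so a client-supplied size near the maximum of its type could make `body_size + 2` wrap to a small count and leave most of the body in the stream. Please confirm that the types of body_size and of skip()'s length parameter rule this out, or reject such sizes before skipping. The new comment could also say that the 2 covers the \r\n that terminates the body.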
    
  • sh-tests/too-big.commands · +3 −0 · added
    @@ -0,0 +1,3 @@
    +put 0 0 0 11
    
    +delete 9999
    
    +quit
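Review bot: the only command after the oversized body is `quit`, which produces no reply, so this test would still pass if the server discarded more than the body, for example the rest of the stream. Adding a command with a visible reply between the body and `quit`, with that reply in too-big.expected, would show that parsing resumes right after the discarded bytes. A comment line noting that `delete 9999` is the 11-byte body would also help, since check-one.sh filters out lines containing # before sending.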
    
    
  • sh-tests/too-big.expected · +1 −0 · added
    @@ -0,0 +1 @@
    +JOB_TOO_BIG
    
    
