Unrated severityNVD Advisory· Published Jan 13, 2014· Updated Apr 29, 2026
CVE-2013-0179
CVE-2013-0179
Description
The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.
Affected products
13cpe:2.3:a:memcached:memcached:1.4.10:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:memcached:memcached:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:memcached:memcached:1.4.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- code.google.com/p/memcached/issues/detailnvdExploitPatch
- secunia.com/advisories/56183nvdVendor Advisory
- www.openwall.com/lists/oss-security/2013/01/14/4nvd
- www.openwall.com/lists/oss-security/2013/01/14/6nvd
- www.securityfocus.com/bid/64978nvd
- www.ubuntu.com/usn/USN-2080-1nvd
- bugzilla.redhat.com/show_bug.cginvd
- code.google.com/p/memcached/issues/attachmentTextnvd
- code.google.com/p/memcached/wiki/ReleaseNotes1417nvd
News mentions
0No linked articles in our index yet.