Memcached < 1.4.3 No Newline Memory Consumption DoS

Medium Nessus Network Monitor Plugin ID 5514

Synopsis

The remote host is vulnerable to a denial of service attack.

Description

The remote host is running memcached, a distributed memory object caching system. The installed version of memcached is earlier than 1.4.3. Such versions are potentially affected by a denial of service vulnerability: the application keeps reading new data and reallocating its input buffer until a newline character is received, which could lead to excessive memory consumption. An attacker exploiting this flaw could crash the affected service.
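The C sketch below is an added illustration of the pattern described above, not memcached's code or its actual patch: a line reader that grows its buffer until a newline arrives, next to the same reader with a length cap checked before any allocation. The names conn_buf, conn_feed and peak_without_newline and the MAX_LINE value are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_LINE 2048  /* assumed cap for this sketch, not memcached's value */

typedef struct { char *buf; size_t used, cap; } conn_buf;
enum feed_result { NEED_MORE, LINE_READY, LINE_TOO_LONG, NO_MEMORY };

void conn_reset(conn_buf *c)
{
    free(c->buf);
    c->buf = NULL;
    c->used = c->cap = 0;
}

/* Append one network read to the pending command line.
 * enforce_cap == 0: grow until '\n' arrives (the behaviour described above).
 * enforce_cap == 1: refuse a line longer than MAX_LINE before allocating. */
enum feed_result conn_feed(conn_buf *c, const char *data, size_t len, int enforce_cap)
{
    const char *nl = memchr(data, '\n', len);
    size_t line_len = c->used + (nl ? (size_t)(nl - data) : len);

    if (enforce_cap && line_len > MAX_LINE) {
        conn_reset(c);              /* caller should also close the connection */
        return LINE_TOO_LONG;
    }
    if (c->used + len > c->cap) {
        size_t ncap = c->cap ? c->cap : 256;
        while (ncap < c->used + len) ncap *= 2;
        char *p = realloc(c->buf, ncap);
        if (!p) return NO_MEMORY;
        c->buf = p;
        c->cap = ncap;
    }
    memcpy(c->buf + c->used, data, len);
    c->used += len;
    return nl ? LINE_READY : NEED_MORE;
}

/* Feed `chunks` constructed 1 KiB reads with no newline; report peak capacity. */
size_t peak_without_newline(int chunks, int enforce_cap, enum feed_result *last)
{
    char chunk[1024];
    conn_buf c = {0};
    size_t peak = 0;
    memset(chunk, 'A', sizeof chunk);
    *last = NEED_MORE;
    for (int i = 0; i < chunks && *last == NEED_MORE; i++) {
        *last = conn_feed(&c, chunk, sizeof chunk, enforce_cap);
        if (c.cap > peak) peak = c.cap;
    }
    conn_reset(&c);
    return peak;
}
```

With 64 newline-free reads the uncapped reader's buffer reaches 64 KiB and is still waiting for more input, while the capped reader drops the line on the third read with a peak of 2 KiB.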

Solution

Upgrade to memcached 1.4.3 or later.

See Also

http://bugs.pardus.org.tr/show_bug.cgi?id=12672

http://code.google.com/p/memcached/issues/detail?id=102

http://code.google.com/p/memcached/wiki/ReleaseNotes143

Plugin Details

Severity: Medium

ID: 5514

File Name: 5514.prm

Family: Generic

Published: 2010/04/20

Modified: 2016/01/21

Nessus ID: 45579

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2009/11/07

Vulnerability Publication Date: 2009/10/28

Reference Information

CVE: CVE-2010-1152

BID: 39577