Vulnerabilities > Memcached
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-9951 | Unspecified vulnerability in Memcached The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. | 5.0 |
| 2017-01-06 | CVE-2016-8706 | Integer Overflow or Wraparound vulnerability in Memcached An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 6.8 |
| 2017-01-06 | CVE-2016-8705 | Integer Overflow or Wraparound vulnerability in Memcached Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 7.5 |
| 2017-01-06 | CVE-2016-8704 | Integer Overflow or Wraparound vulnerability in Memcached An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 7.5 |
| 2014-01-13 | CVE-2013-7291 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290. | 1.8 |
| 2014-01-13 | CVE-2013-7290 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179. | 1.8 |
| 2014-01-13 | CVE-2013-7239 | Improper Authentication vulnerability in Memcached memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. | 4.8 |
| 2014-01-13 | CVE-2013-0179 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Memcached The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. | 1.8 |
| 2013-12-12 | CVE-2011-4971 | Numeric Errors vulnerability in Memcached Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. | 5.0 |