Bug 498078 (CVE-2013-7290) - <net-misc/memcached-1.4.17: Denial of Service (CVE-2013-{7290,7291})
Summary: <net-misc/memcached-1.4.17: Denial of Service (CVE-2013-{7290,7291})
Status: RESOLVED FIXED
Alias: CVE-2013-7290
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-14 17:07 UTC by GLSAMaker/CVETool Bot
Modified: 2014-06-19 11:49 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2014-01-14 17:07:50 UTC
CVE-2013-7291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7291):
  memcached before 1.4.17, when running in verbose mode, allows remote
  attackers to cause a denial of service (crash) via a request that triggers
  an "unbounded key print" during logging, related to an issue that was
  "quickly grepped out of the source tree," a different vulnerability than
  CVE-2013-0179 and CVE-2013-7290.

CVE-2013-7290 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7290):
  The do_item_get function in items.c in memcached 1.4.4 and other versions
  before 1.4.17, when running in verbose mode, allows remote attackers to
  cause a denial of service (segmentation fault) via a request to delete a
  key, which does not account for the lack of a null terminator in the key and
  triggers a buffer over-read when printing to stderr, a different
  vulnerability than CVE-2013-0179.
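
Added example, not part of the bug report and not memcached's code: a C sketch of the defect class described in CVE-2013-7290, where a length-counted key without a null terminator is printed with "%s", next to the bounded "%.*s" form. The buffer, function names and log text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the 3-byte key "foo" followed directly by value bytes,
 * with no NUL terminator anywhere in the buffer. */
static const char demo_buf[16] = {'f','o','o','s','e','c','r','e',
                                  't','-','v','a','l','u','e','!'};
#define DEMO_NKEY 3

/* How far a "%s" conversion would run from `key` before meeting a zero byte.
 * The scan is capped at buflen so this demo stays in bounds; a real "%s"
 * has no such cap and keeps reading into adjacent memory. */
size_t unbounded_scan_len(const char *key, size_t buflen)
{
    const char *nul = memchr(key, 0, buflen);
    return nul ? (size_t)(nul - key) : buflen;
}

/* Bounded form: the "%.*s" precision limits the read to nkey bytes, so a
 * terminator is never needed. The message text is illustrative. */
int log_key_bounded(char *out, size_t outlen, const char *key, size_t nkey)
{
    return snprintf(out, outlen, "> NOT FOUND %.*s", (int)nkey, key);
}

/* Formats the constructed sample key with the bounded form. */
const char *demo_bounded(void)
{
    static char line[64];
    log_key_bounded(line, sizeof line, demo_buf, DEMO_NKEY);
    return line;
}

int main(void)
{
    printf("unbounded scan would cover >= %zu bytes (key is %d)\n",
           unbounded_scan_len(demo_buf, sizeof demo_buf), DEMO_NKEY);
    fprintf(stderr, "%s\n", demo_bounded());
    return 0;
}
```
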
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-06-08 16:26:34 UTC
Added to existing GLSA draft.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-06-15 00:48:13 UTC
This issue was resolved and addressed in
 GLSA 201406-13 at http://security.gentoo.org/glsa/glsa-201406-13.xml
by GLSA coordinator Chris Reffett (creffett).
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-06-19 11:49:56 UTC
This issue was resolved and addressed in
 GLSA 201406-13 at http://security.gentoo.org/glsa/glsa-201406-13.xml
by GLSA coordinator Chris Reffett (creffett).