From $URL :
We got a report about a DoS in memcached when run with -vv (verbose
mode) and a request to delete a key is sent to the server (via memrm).
Because memcached doesn't null terminate the keys as it prints them,
fprintf may run off the end of the buffer.
This isn't a very significant issue (even without SSP/FORTIFY_SOURCE if
you could do something more malicious, memcached won't run as root).
Also note the docs indicate that memcached should only be accessible via
trusted users/hosts and not the internet at large, so the exposure
should be minimal.
Note that the patch that ago linked doesn't cover all instances of this overrun; see the bug report. Upstream hasn't released a fix yet.
The process_bin_delete function in memcached.c in memcached 1.4.4 and other
versions before 1.4.17, when running in verbose mode, allows remote
attackers to cause a denial of service (segmentation fault) via a request to
delete a key, which does not account for the lack of a null terminator in
the key and triggers a buffer over-read when printing to stderr.
Maintainers, this looks like it is fixed in 1.4.17; I am adding it to the existing GLSA. Please advise if otherwise.
This issue was resolved and addressed in
GLSA 201406-13 at http://security.gentoo.org/glsa/glsa-201406-13.xml
by GLSA coordinator Chris Reffett (creffett).
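
The over-read described in this report, shown next to two length-bounded ways of logging a key. This is an added example, not memcached's code or the upstream patch; the function names, the `KEY_MAX` bound and the sample buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 250  /* assumed upper bound on key length for this example */

/* Constructed sample: a key inside a request buffer, followed directly by
 * other bytes. There is no '\0' after the key, or anywhere in the array. */
const char sample_buf[] = { 'u','s','e','r',':','4','2','X','Y','Z','Q' };
const size_t sample_nkey = 7;

/* Over-read pattern from the report, shown for contrast and never called:
 * "%s" keeps reading past the key until it happens to find a zero byte. */
int log_key_unbounded(char *out, size_t outsz, const char *key) {
    return snprintf(out, outsz, "Deleting %s", key);
}

/* Bounded form: the precision limits "%s" to nkey bytes, so no terminator
 * is needed. It still stops early at an embedded '\0'. */
int log_key_bounded(char *out, size_t outsz, const char *key, size_t nkey) {
    if (nkey > KEY_MAX) nkey = KEY_MAX;
    return snprintf(out, outsz, "Deleting %.*s", (int)nkey, key);
}

/* Byte-wise form: copies exactly nkey bytes and escapes non-printable ones,
 * so embedded NULs and control characters cannot truncate or garble the log. */
int log_key_escaped(char *out, size_t outsz, const char *key, size_t nkey) {
    size_t pos = 9;                          /* strlen("Deleting ") */
    if (outsz < 10) return -1;               /* no room for prefix + '\0' */
    if (nkey > KEY_MAX) nkey = KEY_MAX;
    memcpy(out, "Deleting ", 9);
    for (size_t i = 0; i < nkey && pos + 5 <= outsz; i++) {
        unsigned char c = (unsigned char)key[i];
        if (isprint(c) && c != '\\')
            out[pos++] = (char)c;
        else                                 /* writes exactly 4 characters */
            pos += (size_t)snprintf(out + pos, outsz - pos, "\\x%02x", c);
    }
    out[pos] = '\0';
    return (int)pos;
}

int main(void) {
    char line[128];
    log_key_escaped(line, sizeof line, sample_buf, sample_nkey);
    fprintf(stderr, "%s\n", line);
    return 0;
}
```
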