memcached before 1.4.17, when running in verbose mode, allows remote
attackers to cause a denial of service (crash) via a request that triggers
an "unbounded key print" during logging, related to an issue that was
"quickly grepped out of the source tree," a different vulnerability than
CVE-2013-0179 and CVE-2013-7290.
The do_item_get function in items.c in memcached 1.4.4 and other versions
before 1.4.17, when running in verbose mode, allows remote attackers to
cause a denial of service (segmentation fault) via a request to delete a
key, which does not account for the lack of a null terminator in the key and
triggers a buffer over-read when printing to stderr, a different
vulnerability than CVE-2013-0179.
Added to existing GLSA draft.
This issue was resolved and addressed in
GLSA 201406-13 at http://security.gentoo.org/glsa/glsa-201406-13.xml
by GLSA coordinator Chris Reffett (creffett).