Description
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
A buffer overflow flaw was found in memcached 1.6.0: there is no mechanism to verify the length of “extlen” before the memcpy function is called, so a large value assigned to “extlen” causes the overflow. This flaw causes a denial of service and presents a significant risk to system availability.
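The length verification described above, as an added example that is not memcached's own code: a minimal parser for the 24-byte binary protocol request header that validates “extlen” before copying the extras. The names `request_t`, `parse_request` and `EXT_MAX`, and the 20-byte extras capacity, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 24   /* binary protocol request header size */
#define EXT_MAX 20   /* assumed extras buffer capacity (illustrative value) */

typedef struct {     /* hypothetical parsed-request type */
    uint8_t  opcode, extlen;
    uint16_t keylen;
    uint32_t bodylen;
    uint8_t  extras[EXT_MAX];
} request_t;

/* Returns 0 on success, -1 for a malformed header, -2 if more bytes are needed. */
int parse_request(const uint8_t *buf, size_t len, request_t *req)
{
    if (len < HDR_LEN) return -2;
    if (buf[0] != 0x80) return -1;                 /* request magic byte */
    req->opcode  = buf[1];
    req->keylen  = (uint16_t)((buf[2] << 8) | buf[3]);
    req->extlen  = buf[4];                         /* peer-controlled, 0..255 */
    req->bodylen = ((uint32_t)buf[8] << 24) | ((uint32_t)buf[9] << 16) |
                   ((uint32_t)buf[10] << 8) | buf[11];

    /* Length verification before the copy: extlen must fit the destination. */
    if (req->extlen > sizeof(req->extras)) return -1;
    /* Protocol consistency: extras and key are both part of the body. */
    if ((uint32_t)req->extlen + req->keylen > req->bodylen) return -1;
    if (len - HDR_LEN < req->extlen) return -2;    /* extras not yet received */

    memcpy(req->extras, buf + HDR_LEN, req->extlen);
    return 0;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    uint8_t ok[HDR_LEN + 4]  = {0x80, 0x01, 0, 0, 4,    0, 0, 0, 0, 0, 0, 8};
    uint8_t bad[HDR_LEN + 4] = {0x80, 0x01, 0, 0, 0xFF, 0, 0, 0, 0, 0, 0, 0xFF};
    request_t r;
    printf("well-formed: %d\n", parse_request(ok, sizeof ok, &r));
    printf("oversized extlen: %d\n", parse_request(bad, sizeof bad, &r));
    return 0;
}
```

Without the first check, the one-byte “extlen” field would let a peer request a copy of up to 255 bytes into the 20-byte buffer.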
Statement
This issue did not affect the versions of memcached as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they did not include the vulnerable code.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | memcached | Not affected | | |
| Red Hat Enterprise Linux 7 | memcached | Not affected | | |
| Red Hat Enterprise Linux 8 | memcached | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | memcached | Not affected | | |
| Red Hat OpenStack Platform 13 (Queens) | memcached | Not affected | | |
Additional information
Status:
7.5 High (CVSS3)