Bug 581113 (CVE-2010-1152) - CVE-2010-1152 memcached (v1.2.8): Remote denial of service (excessive memory use, hang / crash)
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2010-1152
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://code.google.com/p/memcached/is...
Whiteboard:
Depends On:
Blocks:
Reported: 2010-04-10 09:21 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:36 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-07 06:05:19 UTC
Embargoed:



Description Jan Lieskovsky 2010-04-10 09:21:16 UTC
A deficiency was found:
  [1] http://code.google.com/p/memcached/issues/detail?id=102

in the way memcached processed received TCP data. A remote
attacker could use this flaw to cause denial of service (excessive
use of memory, server hang or crash).

Upstream patches:
  [3] http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9
  [4] http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719

References:
  [4] http://secunia.com/advisories/39306/

Comment 1 Jan Lieskovsky 2010-04-10 09:22:10 UTC
This issue affects the versions of the memcached package
as shipped with Fedora release 11.

Please fix.

Comment 2 Paul Lindner 2010-04-12 00:50:31 UTC
I'm a bit busy at the moment; I won't be able to spin off a 1.4.5 release for F-11 for a little while. That said, this is a very minor issue as security issues go...

Comment 3 Paul Lindner 2012-02-07 06:05:19 UTC
closed, 1.4.10 is latest release.

