2167008 – (CVE-2021-37519) CVE-2021-37519 memcached: Buffer Overflow vulnerability in authfile.c

Bug 2167008 (CVE-2021-37519) - CVE-2021-37519 memcached: Buffer Overflow vulnerability in authfile.c

Summary: CVE-2021-37519 memcached: Buffer Overflow vulnerability in authfile.c

Keywords:
Status:	NEW
Alias:	CVE-2021-37519
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2167009 2181510 2181511
Blocks:	2180068
TreeView+	depends on / blocked

Reported:	2023-02-03 22:07 UTC by Pedro Sampaio
Modified:	2023-07-07 08:32 UTC (History)
CC List:	10 users (show)
Fixed In Version:	memcached 1.6.10
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in memcached, where it is vulnerable to a denial of service caused by a heap-based buffer overflow in the authfile.c script. By persuading a victim to open a specially-crafted file, an attacker can cause a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2023-02-03 22:07:05 UTC

Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.

References:

https://github.com/memcached/memcached/issues/805
https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0

Comment 1 Pedro Sampaio 2023-02-03 22:07:20 UTC

Created memcached tracking bugs for this issue:

Affects: fedora-all [bug 2167009]

Note You need to log in before you can comment on or make changes to this bug.