Vulnerability Description
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Memcached | Memcached | <= 1.4.5 |
Related Weaknesses (CWE)
References
- http://insecurety.net/?p=872Exploit
- http://secunia.com/advisories/56183
- http://www.debian.org/security/2014/dsa-2832
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:280
- http://www.securityfocus.com/bid/59567
- http://www.ubuntu.com/usn/USN-2080-1
- https://code.google.com/p/memcached/issues/detail?id=192ExploitPatch
- https://puppet.com/security/cve/cve-2011-4971
- http://insecurety.net/?p=872Exploit
- http://secunia.com/advisories/56183
- http://www.debian.org/security/2014/dsa-2832
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:280
- http://www.securityfocus.com/bid/59567
- http://www.ubuntu.com/usn/USN-2080-1
- https://code.google.com/p/memcached/issues/detail?id=192ExploitPatch
FAQ
What is CVE-2011-4971?
CVE-2011-4971 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and ear...
How severe is CVE-2011-4971?
CVE-2011-4971 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4971?
Check the references section above for vendor advisories and patch information. Affected products include: Memcached Memcached.