Vulnerability Details : CVE-2010-1152
Potential exploit
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.
Vulnerability category: Denial of service
Products affected by CVE-2010-1152
- cpe:2.3:a:memcachedb:memcached:*:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.2:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.2.1:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.1:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:memcachedb:memcached:1.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1152
- EPSS score: 22.72% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2010-1152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2010-1152
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1152
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:013
- http://www.vupen.com/english/advisories/2011/0442
- http://code.google.com/p/memcached/issues/detail?id=102
  Google Code Archive - Long-term storage for Google Code Project Hosting. (Exploit)
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:012
- http://marc.info/?l=oss-security&m=127074597129559&w=2
  '[oss-security] CVE request -- memcached' - MARC (Patch)
- http://marc.info/?l=oss-security&m=127075341110616&w=2
  'Re: [oss-security] CVE request -- memcached' - MARC (Patch)
- http://marc.info/?l=oss-security&m=127075808518733&w=2
  'Re: [oss-security] CVE request -- memcached' - MARC (Patch)
- http://securitytracker.com/id?1023839
  memcached try_read_command() Function Lets Remote Users Deny Service - SecurityTracker
- http://secunia.com/advisories/39306
  (Vendor Advisory)
- http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719
  Use strncmp when checking for large ascii multigets. · memcached/memcached@d9cd01e · GitHub (Patch)
- http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9
  Issue 102: Piping null to the server will crash it · memcached/memcached@75cc836 · GitHub (Patch)
- http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached