CVE-2011-4971 — Vulnetix

Try Vulnetix Request Demo

CVE-2011-4971 PUBLISHED CVSS 5 MEDIUM

Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.

EPSS 46.07% · 97.6th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

46.07%

97.6th percentile

Affected Products

Vendor	Product	Versions
memcached	memcached	0, 1.2.7, 1.2.8
n/a	n/a	n/a

Timeline

Dec 12, 2013 CVE Published
May 29, 2018 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 25, 2023 EPSS Score

References

http://insecurety.net/?p=872 url
MDVSA-2013:280 vendor-advisory
https://code.google.com/p/memcached/issues/detail?id=192 url
USN-2080-1 vendor-advisory
59567 vdb
https://puppet.com/security/cve/cve-2011-4971 url
DSA-2832 vendor-advisory
56183 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2011-4971 advisory

Open in Interactive Console →