858676 – (CVE-2013-7291) VUL-1: CVE-2013-7291: memcached: remote DoS (crash) via a request that triggers "unbounded key print"

Bug 858676 (CVE-2013-7291) - VUL-1: CVE-2013-7291: memcached: remote DoS (crash) via a request that triggers "unbounded key print"

Summary: VUL-1: CVE-2013-7291: memcached: remote DoS (crash) via a request that trigge...

Status:	RESOLVED INVALID

Alias:	CVE-2013-7291

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-01-14 11:50 UTC by Sebastian Krahmer
Modified:	2018-03-26 14:43 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2014-01-14 11:50:14 UTC

rh#1052864



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1052864

Comment 1 Sebastian Krahmer 2014-01-14 11:53:48 UTC

CVE-2013-7291

Comment 2 Swamp Workflow Management 2014-01-14 23:00:30 UTC

bugbot adjusting priority

Comment 4 Sebastian Krahmer 2014-01-29 10:00:54 UTC

low severity -> VUL-1

Comment 5 Bernhard Wiedemann 2014-06-25 14:00:39 UTC

This is an autogenerated message for OBS integration:
This bug (858676) was mentioned in
https://build.opensuse.org/request/show/238633 13.1+12.3 / memcached

Comment 6 Swamp Workflow Management 2014-07-03 14:05:12 UTC

openSUSE-SU-2014:0867-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 798458,817781,857188,858676,858677
CVE References: CVE-2011-4971,CVE-2013-0179,CVE-2013-7239,CVE-2013-7290,CVE-2013-7291
Sources used:
openSUSE 13.1 (src):    memcached-1.4.20-6.4.1
openSUSE 12.3 (src):    memcached-1.4.20-3.4.1

Comment 7 Marcus Rückert 2014-07-07 15:14:34 UTC

those are the only bugs that still need some fixing on sle 11.

Comment 8 Swamp Workflow Management 2014-07-30 18:48:39 UTC

openSUSE-SU-2014:0951-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 798458,817781,857188,858676,858677
CVE References: CVE-2011-4971,CVE-2013-0179,CVE-2013-7239,CVE-2013-7290,CVE-2013-7291
Sources used:
openSUSE 11.4 (src):    memcached-1.4.20-7.1

Comment 9 Johannes Segitz 2015-03-11 14:13:32 UTC

this is not something that would happen on a production system (need to run as -vv). DOS on a dev system is not something we are concerned about.

Comment 10 Swamp Workflow Management 2018-03-22 16:29:15 UTC

SUSE-SU-2018:0778-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1007869,1007870,1007871,1056865,798458,817781,857188,858676,858677
CVE References: CVE-2011-4971,CVE-2013-0179,CVE-2013-7239,CVE-2013-7290,CVE-2013-7291,CVE-2016-8704,CVE-2016-8705,CVE-2016-8706,CVE-2017-9951
Sources used:
SUSE OpenStack Cloud 7 (src):    memcached-1.4.39-3.3.2
SUSE Enterprise Storage 4 (src):    memcached-1.4.39-3.3.2

Comment 11 Swamp Workflow Management 2018-03-26 13:11:01 UTC

SUSE-SU-2018:0807-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 1007869,1007870,1007871,1056865,798458,817781,857188,858676,858677
CVE References: CVE-2011-4971,CVE-2013-0179,CVE-2013-7239,CVE-2013-7290,CVE-2013-7291,CVE-2016-8704,CVE-2016-8705,CVE-2016-8706,CVE-2017-9951
Sources used:
SUSE OpenStack Cloud 6 (src):    memcached-1.4.39-3.3.1