CVE-2011-4971
Memcached < 1.4.5 - Numeric Error
Title source: ruleDescription
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
Exploits (1)
metasploit
WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/misc/memcached.rb
References (8)
Scores
EPSS
0.4607
EPSS Percentile
97.6%
Details
CWE
CWE-189
Status
published
Products (8)
memcached/memcached
1.2.7
memcached/memcached
1.2.8
memcached/memcached
1.4.0
memcached/memcached
1.4.1
memcached/memcached
1.4.2
memcached/memcached
1.4.3
memcached/memcached
1.4.4
memcached/memcached
< 1.4.5
Published
Dec 12, 2013
Tracked Since
Feb 18, 2026