Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appears to be running it


Yes, you may have detected some sarcasm


An annoying security flaw has been disclosed and promptly fixed in the fairly popular memcached distributed data-caching software.


On Monday morning a netizen with the handle IceJi publicly revealed the presence of a bug that could be exploited to crash the software: specifically, the flaw is a buffer overflow in the handling of the binary protocol header in memcached versions 1.6.0 and 1.6.1. Developers were not warned of the bug prior to the public disclosure.


A project maintainer, Dormando, told The Register that the bug was addressed just hours after being reported, and admins can get the fix by updating to the new version 1.6.2.


The flaw itself appears to be down to a simple missing sanity check on the parameter extlen in a memcpy() function call:



char extbuf[sizeof( ..
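The pattern the article describes, as an added C illustration that is not memcached's own code: a fixed-size buffer receives the header plus its extras, first with the copy length taken straight from the packet's extlen field, then with the sanity check on extlen that the article says was missing. The 24-byte header layout with extlen at byte 4 follows the memcached binary protocol; BIN_MAX_EXTLEN, the function names and the return codes are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define HEADER_LEN 24        /* fixed binary-protocol header size */
#define BIN_MAX_EXTLEN 20    /* assumed cap on extras; memcached uses its own constant */

/* Header plus extras copied into a fixed-size buffer, as the article describes. */
typedef struct {
    uint8_t extlen;
    uint8_t extbuf[HEADER_LEN + BIN_MAX_EXTLEN];
} bin_req;

/* Vulnerable shape (never call with untrusted extlen): the copy length is
 * taken straight from the packet, so extlen > BIN_MAX_EXTLEN overruns extbuf. */
int copy_header_unchecked(bin_req *r, const uint8_t *in, size_t inlen) {
    if (inlen < HEADER_LEN) return -1;
    r->extlen = in[4];                      /* extlen lives at header offset 4 */
    memcpy(r->extbuf, in, HEADER_LEN + r->extlen);
    return 0;
}

/* Hardened shape: bound extlen before it reaches memcpy.
 * 0 = parsed, -1 = need more bytes, -2 = protocol violation (drop the connection). */
int parse_header_checked(bin_req *r, const uint8_t *in, size_t inlen) {
    if (inlen < HEADER_LEN) return -1;
    uint8_t extlen = in[4];
    if (extlen > BIN_MAX_EXTLEN) return -2;            /* the missing sanity check */
    if (inlen < HEADER_LEN + (size_t)extlen) return -1;
    r->extlen = extlen;
    memcpy(r->extbuf, in, HEADER_LEN + extlen);        /* now provably fits */
    return 0;
}

/* Constructed test input: a SET request header with the given extlen and
 * extlen zero bytes of extras, no key or value. Returns bytes written. */
size_t make_request(uint8_t *out, size_t outlen, uint8_t extlen) {
    size_t total = HEADER_LEN + extlen;
    if (outlen < total) return 0;
    memset(out, 0, total);
    out[0] = 0x80;          /* request magic */
    out[1] = 0x01;          /* opcode SET (normally carries 8 bytes of extras) */
    out[4] = extlen;
    out[11] = extlen;       /* bodylen (big-endian, offsets 8..11) = extras only */
    return total;
}
```

A well-formed SET header with extlen 8 passes both parsers; the checked parser refuses a packet claiming 200 bytes of extras instead of copying it into a 44-byte buffer.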
