It seems 1.6 is the bleeding edge for Memcached so I'd have thought fewer people would be affected.
Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it
An annoying security flaw has been disclosed and promptly fixed in the fairly popular memcached distributed data-caching software. On Monday morning a netizen with the handle IceJi publicly revealed the presence of that could be exploited to crash the software: specifically, the flaw is a buffer-overflow in the binary protocol …
COMMENTS
Wednesday 25th March 2020 14:46 GMT Michael Wojcik
Typical
Tainted data used as the length argument to memcpy. That's not even a mistake; it's laziness, pure and simple.
Of course even in this code snippet we have C code written by someone who doesn't know that sizeof is an operator, not a function, and its argument does not need to be parenthesized unless it's a type name.
Most developers simply don't have the discipline to write in C.
And an unconstrained overflow of an automatic-storage-class[1] very likely is an RCE vulnerability on popular platforms. It's the classic RCE, going back to Levi and to Morris before him.
[1] "Stack", though C does not require a traditional contiguous stack, and the language does not use that term.
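The length check the comment above is about, as an added example (not memcached's code and not the commenter's): the two-byte header layout, `parse_request` and `handle_packet` are hypothetical. The sender-supplied length is validated against both the destination size and the bytes actually received before `memcpy` runs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire layout, constructed for this example:
 *   byte 0    opcode
 *   byte 1    extras length as claimed by the sender (tainted)
 *   byte 2..  extras payload
 */
enum { HDR_LEN = 2, EXTRAS_MAX = 32 };

struct request {
    uint8_t opcode;
    uint8_t extras[EXTRAS_MAX];
    size_t  extras_len;
};

/* Returns 0 on success, -1 if the packet is rejected. */
int parse_request(const uint8_t *pkt, size_t pkt_len, struct request *req)
{
    if (pkt == NULL || req == NULL || pkt_len < HDR_LEN)
        return -1;
    size_t claimed = pkt[1];          /* tainted: comes off the wire */
    /* Check 1: the claimed length must fit the destination buffer. */
    if (claimed > sizeof req->extras)
        return -1;
    /* Check 2: it must not exceed the bytes actually received,
     * otherwise memcpy would read past the end of the packet. */
    if (claimed > pkt_len - HDR_LEN)
        return -1;
    req->opcode = pkt[0];
    memcpy(req->extras, pkt + HDR_LEN, claimed);
    req->extras_len = claimed;
    return 0;
}

/* Caller whose destination has automatic storage duration. */
int handle_packet(const uint8_t *pkt, size_t pkt_len)
{
    struct request req;
    if (parse_request(pkt, pkt_len, &req) != 0)
        return -1;                    /* drop the malformed request */
    return (int)req.extras_len;
}

int main(void)
{
    const uint8_t sample[] = { 0x01, 0x04, 'a', 'b', 'c', 'd' }; /* constructed */
    printf("accepted extras: %d\n", handle_packet(sample, sizeof sample));
    return 0;
}
```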