Sign in / up

back to article Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it

An annoying security flaw been disclosed and promptly fixed in the fairly popular memcached distributed data-caching software. On Monday morning a netizen with the handle IceJi publicly revealed the presence of that could be exploited to crash the software: specifically, the flaw is a buffer-overflow in the binary protocol …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. A Non e-mouse Silver badge

    It seems 1.6 is the bleeding edge for Memcached so I'd have thought fewer people would be affected.

    0 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Not in this devops, CI/CD containerised world, where the latest shiny is preferred.

      5 0 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        preferred? I would have said 'demanded'.

        3 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    Article heading says "{* SECURITY *}".....but.....

    .....what happened to "{* TESTING *}" ???

    *

    Ah.....sorry....forgot about Scrum, Agile, DevOps......."Testing" is so last century!

    0 0 Reply
  3. Michael Wojcik Silver badge

    Typical

    Tainted data used as the length argument to memcpy. That's not even a mistake; it's laziness, pure and simple.

    Of course even in this code snippet we have C code written by someone who doesn't know that sizeof is an operator, not a function, and its argument does not need to be parenthesized unless it's a type name.

    Most developers simply don't have the discipline to write in C.

    And an unconstrained overflow of an automatic-storage-class1 very likely is an RCE vulnerability on popular platforms. It's the classic RCE, going back to Levi and to Morris before him.

    1"Stack", though C does not require a traditional contiguous stack, and the language does not use that term.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like