{"url":"http://public2.vulnerablecode.io/api/packages/192048?format=json","purl":"pkg:ebuild/net-misc/memcached@1.4.17","type":"ebuild","namespace":"net-misc","name":"memcached","version":"1.4.17","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.4.33","latest_non_vulnerable_version":"1.4.33","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93113?format=json","vulnerability_id":"VCID-cm45-8gft-jqhd","summary":"The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7290.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7290.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7290","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43056","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43129","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43138","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43116","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43081","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43092","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7290"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1052863","reference_id":"1052863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1052863"},{"reference_url":"https://security.gentoo.org/glsa/201406-13","reference_id":"GLSA-201406-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192048?format=json","purl":"pkg:ebuild/net-misc/memcached@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/memcached@1.4.17"}],"aliases":["CVE-2013-7290"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm45-8gft-jqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93108?format=json","vulnerability_id":"VCID-d17x-z4pz-8bgq","summary":"Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2415.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2415","reference_id":"","reference_type":"","scores":[{"value":"0.12077","scoring_system":"epss","scoring_elements":"0.93923","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12077","scoring_system":"epss","scoring_elements":"0.93932","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12077","scoring_system":"epss","scoring_elements":"0.93931","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12077","scoring_system":"epss","scoring_elements":"0.9393","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12077","scoring_system":"epss","scoring_elements":"0.93937","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2415"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=516489","reference_id":"516489","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=516489"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540379","reference_id":"540379","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540379"},{"reference_url":"https://security.gentoo.org/glsa/201406-13","reference_id":"GLSA-201406-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192048?format=json","purl":"pkg:ebuild/net-misc/memcached@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/memcached@1.4.17"}],"aliases":["CVE-2009-2415"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d17x-z4pz-8bgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93112?format=json","vulnerability_id":"VCID-hsuj-2gvt-9bc1","summary":"memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7239.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7239.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7239","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5351","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5357","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53578","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53565","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53541","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53566","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7239"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1047299","reference_id":"1047299","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1047299"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733643","reference_id":"733643","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733643"},{"reference_url":"https://security.gentoo.org/glsa/201406-13","reference_id":"GLSA-201406-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-13"},{"reference_url":"https://usn.ubuntu.com/2080-1/","reference_id":"USN-2080-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2080-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192048?format=json","purl":"pkg:ebuild/net-misc/memcached@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/memcached@1.4.17"}],"aliases":["CVE-2013-7239"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsuj-2gvt-9bc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93114?format=json","vulnerability_id":"VCID-v9vn-ckw2-bucw","summary":"memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an \"unbounded key print\" during logging, related to an issue that was \"quickly grepped out of the source tree,\" a different vulnerability than CVE-2013-0179 and CVE-2013-7290.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7291.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7291","reference_id":"","reference_type":"","scores":[{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43056","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43129","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43138","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43116","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43081","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00207","scoring_system":"epss","scoring_elements":"0.43092","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1052864","reference_id":"1052864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1052864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735314","reference_id":"735314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735314"},{"reference_url":"https://security.gentoo.org/glsa/201406-13","reference_id":"GLSA-201406-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192048?format=json","purl":"pkg:ebuild/net-misc/memcached@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/memcached@1.4.17"}],"aliases":["CVE-2013-7291"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9vn-ckw2-bucw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93111?format=json","vulnerability_id":"VCID-xsfx-vjd9-puae","summary":"The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0179.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0179","reference_id":"","reference_type":"","scores":[{"value":"0.01337","scoring_system":"epss","scoring_elements":"0.80328","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01337","scoring_system":"epss","scoring_elements":"0.80353","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01337","scoring_system":"epss","scoring_elements":"0.80356","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01337","scoring_system":"epss","scoring_elements":"0.80347","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01337","scoring_system":"epss","scoring_elements":"0.80369","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698231","reference_id":"698231","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698231"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=895054","reference_id":"895054","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=895054"},{"reference_url":"https://security.gentoo.org/glsa/201406-13","reference_id":"GLSA-201406-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-13"},{"reference_url":"https://usn.ubuntu.com/2080-1/","reference_id":"USN-2080-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2080-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192048?format=json","purl":"pkg:ebuild/net-misc/memcached@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/memcached@1.4.17"}],"aliases":["CVE-2013-0179"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsfx-vjd9-puae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93110?format=json","vulnerability_id":"VCID-yqd7-9a4n-pbgb","summary":"Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4971.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4971.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4971","reference_id":"","reference_type":"","scores":[{"value":"0.46068","scoring_system":"epss","scoring_elements":"0.977","published_at":"2026-06-04T12:55:00Z"},{"value":"0.46068","scoring_system":"epss","scoring_elements":"0.97704","published_at":"2026-06-05T12:55:00Z"},{"value":"0.46068","scoring_system":"epss","scoring_elements":"0.97705","published_at":"2026-06-07T12:55:00Z"},{"value":"0.46068","scoring_system":"epss","scoring_elements":"0.97706","published_at":"2026-06-08T12:55:00Z"},{"value":"0.46068","scoring_system":"epss","scoring_elements":"0.97707","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706426","reference_id":"706426","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706426"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=957964","reference_id":"957964","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=957964"},{"reference_url":"https://security.gentoo.org/glsa/201406-13","reference_id":"GLSA-201406-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-13"},{"reference_url":"https://usn.ubuntu.com/2080-1/","reference_id":"USN-2080-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2080-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/192048?format=json","purl":"pkg:ebuild/net-misc/memcached@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/memcached@1.4.17"}],"aliases":["CVE-2011-4971"],"risk_score":1.8,"exploitability":"2.0","weighted_severity":"0.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqd7-9a4n-pbgb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/memcached@1.4.17"}