CVE-2009-1255

N/A Unknown

Published: April 30, 2009 Modified: April 23, 2026

Description

The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html

Source: cve@mitre.org

http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98

Source: cve@mitre.org

http://code.google.com/p/memcachedb/source/detail?r=98

Source: cve@mitre.org

http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c

Source: cve@mitre.org

Exploit Patch

http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e

Source: cve@mitre.org

http://osvdb.org/54127

Source: cve@mitre.org

http://secunia.com/advisories/34915

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/34932

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35175

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:105

Source: cve@mitre.org

http://www.positronsecurity.com/advisories/2009-001.html

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/503064/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/34756

Source: cve@mitre.org

http://www.securitytracker.com/id?1022140

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1196

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1197

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50221

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98

Source: af854a3a-2127-422b-91ae-364da2661108

http://code.google.com/p/memcachedb/source/detail?r=98

Source: af854a3a-2127-422b-91ae-364da2661108

http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch

http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/54127

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34915

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34932

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/35175

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:105

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.positronsecurity.com/advisories/2009-001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/503064/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34756

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1022140

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1196

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1197

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50221

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00851.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01256.html

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

2.1%

84th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

memcachedb

Related CVEs

CVE-2026-7024 5.4

CVE-2026-7023 6.3

CVE-2026-7022 7.3

CVE-2026-7021 3.5

CVE-2026-7020 5.6