CVE-2023-46852
https://notcve.org/view.php?id=CVE-2023-46852
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
• https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767
• https://github.com/memcached/memcached/compare/1.6.21...1.6.22
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-46853
https://notcve.org/view.php?id=CVE-2023-46853
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.
• https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa
• https://github.com/memcached/memcached/compare/1.6.21...1.6.22
• CWE-193: Off-by-one Error

CVE-2020-22570
https://notcve.org/view.php?id=CVE-2020-22570
Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.
• https://github.com/memcached/memcached/issues/636
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2022-26635
https://notcve.org/view.php?id=CVE-2022-26635
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.
• https://github.com/php-memcached-dev/php-memcached/issues/519
• https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read

CVE-2020-10931
https://notcve.org/view.php?id=CVE-2020-10931
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
• https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305
• https://github.com/memcached/memcached/issues/629
• https://github.com/memcached/memcached/wiki/ReleaseNotes162
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')