Page 2 of 24 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. PHP-Memcached versiones v2.2.0 y anteriores, contiene una terminación NULL inapropiada que permite a atacantes ejecutar una inyección CLRF • https://github.com/php-memcached-dev/php-memcached/issues/519 https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1

Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. Memcached versiones 1.6.x anteriores a la versión 1.6.2, permite a atacantes remotos causar una denegación de servicio (bloqueo del demonio) por medio de un encabezado de protocolo binario diseñado para la función try_read_command_binary en el archivo memcached.c. • https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 https://github.com/memcached/memcached/issues/629 https://github.com/memcached/memcached/wiki/ReleaseNotes162 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. memcached 1.5.16, cuando se utilizan sockets UNIX, tiene una sobre-lectura de buffer basada en la pila en conn_to_str en memcached.c. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html https://github.com/memcached/memcached/commit/554b56687a19300a75ec24184746b5512580c819 https://github.com/memcached/memcached/wiki/ReleaseNotes1517 https://lists.debian.org/debian-lts-announce/2019/09/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOD422IS2OPXRDID5EKFZHFUHK2BLQGJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYGUBOEM5HX4GRMWVEKOJUFICF77ME47 https:/& • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 21%CPEs: 4EXPL: 1

In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. memcached versiones anteriores a la 1.5.14, se encontró una desreferencia a un puntero NULL en los comandos "lru mode" y "lru temp_ttl". Esto causa una denegación de servicio cuando se analizan mensajes de comandos lru en process_lru_command en memcached.c. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02 https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f https://github.com/memcached/memcached/issues/474 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUE3QBMP5UWTXMPKJREUICH6DIK6SOBX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2CCWRM4LHB253KG5SPOKRVDCXQX5VZR https://usn.ubun • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. memcached, en versiones anteriores a la 1.4.37, contiene una vulnerabilidad de desbordamiento de enteros en items.c:item_free() que puede resultar en la corrupción de datos y en deadlocks debido a que los ítems en la tabla de hash se reusan de la lista libre. Este ataque parece ser explotable mediante conectividad de red en el servicio memcached. La vulnerabilidad parece haber sido solucionada en las versiones 1.4.37 y siguientes. • https://access.redhat.com/errata/RHSA-2018:2290 https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00 https://github.com/memcached/memcached/issues/271 https://github.com/memcached/memcached/wiki/ReleaseNotes1437 https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html https://usn.ubuntu.com/3601-1 https://www.debian.org/security/2018/dsa-4218 https://access.redhat.com/security/cve/CVE-2018-1000127 https://bugzilla.redhat.com/show_bug.cgi?id=1555064 • CWE-190: Integer Overflow or Wraparound CWE-667: Improper Locking •