CVE-2023-46853 – Ubuntu Security Notice USN-6476-1
https://notcve.org/view.php?id=CVE-2023-46853
27 Oct 2023 — In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. It was discovered that Memcached incorrectly handled certain multiget requests in proxy mode. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code. It was di... • https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa • CWE-193: Off-by-one Error •
CVE-2023-46852 – Ubuntu Security Notice USN-6476-1
https://notcve.org/view.php?id=CVE-2023-46852
27 Oct 2023 — In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. It was discovered that Memcached incorrectly handled certain multiget requests in proxy mode. A remote attacker could use this issue to cause Memcached to crash, resulting in a... • https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-48571 – Ubuntu Security Notice USN-6382-1
https://notcve.org/view.php?id=CVE-2022-48571
22 Aug 2023 — memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. It was discovered that Memcached incorrectly handled certain multi-packet uploads in UDP. An attacker could possibly use this issue to cause a denial of service. • https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966 • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-22570
https://notcve.org/view.php?id=CVE-2020-22570
22 Aug 2023 — Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. • https://github.com/memcached/memcached/issues/636 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-37519
https://notcve.org/view.php?id=CVE-2021-37519
03 Feb 2023 — Buffer overflow vulnerability in authfile.c in memcached 1.6.9 allows attackers to cause a denial of service via a crafted authentication file. • https://github.com/memcached/memcached/issues/805 • CWE-787: Out-of-bounds Write •
CVE-2022-26635
https://notcve.org/view.php?id=CVE-2022-26635
05 Apr 2022 — PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. • https://github.com/php-memcached-dev/php-memcached/issues/519 •
CVE-2020-10931
https://notcve.org/view.php?id=CVE-2020-10931
24 Mar 2020 — Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. • https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-15026 – Ubuntu Security Notice USN-4125-1
https://notcve.org/view.php?id=CVE-2019-15026
30 Aug 2019 — memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. It was discovered that Memcached incorrectly handled certain UNIX sockets. An attacker could possibly use this issue to access sensitive information. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html • CWE-125: Out-of-bounds Read •
CVE-2019-11596 – memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service
https://notcve.org/view.php?id=CVE-2019-11596
29 Apr 2019 — In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. memcached is a high-performan... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html • CWE-476: NULL Pointer Dereference •
CVE-2018-1000127 – memcached: Integer Overflow in items.c:item_free()
https://notcve.org/view.php?id=CVE-2018-1000127
13 Mar 2018 — memcached versions prior to 1.4.37 contain an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in the hash table being reused from the free list. This attack appears to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. • https://access.redhat.com/errata/RHSA-2018:2290 • CWE-190: Integer Overflow or Wraparound • CWE-667: Improper Locking •