CVE-2023-46853 – Ubuntu Security Notice USN-6476-1
https://notcve.org/view.php?id=CVE-2023-46853
27 Oct 2023 — In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. It was discovered that Memcached incorrectly handled certain multiget requests in proxy mode. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code. It was di... • https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa • CWE-193: Off-by-one Error
CVE-2023-46852 – Ubuntu Security Notice USN-6476-1
https://notcve.org/view.php?id=CVE-2023-46852
27 Oct 2023 — In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. It was discovered that Memcached incorrectly handled certain multiget requests in proxy mode. A remote attacker could use this issue to cause Memcached to crash, resulting in a... • https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-22570
https://notcve.org/view.php?id=CVE-2020-22570
22 Aug 2023 — Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. • https://github.com/memcached/memcached/issues/636 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-26635
https://notcve.org/view.php?id=CVE-2022-26635
05 Apr 2022 — PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. • https://github.com/php-memcached-dev/php-memcached/issues/519
CVE-2020-10931
https://notcve.org/view.php?id=CVE-2020-10931
24 Mar 2020 — Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. • https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')