CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46852
https://notcve.org/view.php?id=CVE-2023-46852
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. En Memcached anterior a 1.6.22, existe un desbordamiento del búfer al procesar solicitudes de obtención múltiple en modo proxy, si hay muchos espacios después de la subcadena "get". • https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 https://github.com/memcached/memcached/compare/1.6.21...1.6.22 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46853
https://notcve.org/view.php?id=CVE-2023-46853
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. En Memcached anterior a 1.6.22, existe un error uno por uno al procesar solicitudes de proxy en modo proxy, si se usa \n en lugar de \r\n. • https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa https://github.com/memcached/memcached/compare/1.6.21...1.6.22 • CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26635
https://notcve.org/view.php?id=CVE-2022-26635
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. PHP-Memcached versiones v2.2.0 y anteriores, contiene una terminación NULL inapropiada que permite a atacantes ejecutar una inyección CLRF • https://github.com/php-memcached-dev/php-memcached/issues/519 https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-15026
https://notcve.org/view.php?id=CVE-2019-15026
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. memcached 1.5.16, cuando se utilizan sockets UNIX, tiene una sobre-lectura de buffer basada en la pila en conn_to_str en memcached.c. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html https://github.com/memcached/memcached/commit/554b56687a19300a75ec24184746b5512580c819 https://github.com/memcached/memcached/wiki/ReleaseNotes1517 https://lists.debian.org/debian-lts-announce/2019/09/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOD422IS2OPXRDID5EKFZHFUHK2BLQGJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYGUBOEM5HX4GRMWVEKOJUFICF77ME47 https:/& • CWE-125: Out-of-bounds Read •