CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46852
https://notcve.org/view.php?id=CVE-2023-46852
In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. En Memcached anterior a 1.6.22, existe un desbordamiento del búfer al procesar solicitudes de obtención múltiple en modo proxy, si hay muchos espacios después de la subcadena "get". • https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 https://github.com/memcached/memcached/compare/1.6.21...1.6.22 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46853
https://notcve.org/view.php?id=CVE-2023-46853
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. En Memcached anterior a 1.6.22, existe un error uno por uno al procesar solicitudes de proxy en modo proxy, si se usa \n en lugar de \r\n. • https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa https://github.com/memcached/memcached/compare/1.6.21...1.6.22 • CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26635
https://notcve.org/view.php?id=CVE-2022-26635
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. PHP-Memcached versiones v2.2.0 y anteriores, contiene una terminación NULL inapropiada que permite a atacantes ejecutar una inyección CLRF • https://github.com/php-memcached-dev/php-memcached/issues/519 https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read •
CVSS: 7.5EPSS: 21%CPEs: 4EXPL: 1CVE-2019-11596 – memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service
https://notcve.org/view.php?id=CVE-2019-11596
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. memcached versiones anteriores a la 1.5.14, se encontró una desreferencia a un puntero NULL en los comandos "lru mode" y "lru temp_ttl". Esto causa una denegación de servicio cuando se analizan mensajes de comandos lru en process_lru_command en memcached.c. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00060.html https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02 https://github.com/memcached/memcached/compare/ee1cfe3...50bdc9f https://github.com/memcached/memcached/issues/474 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUE3QBMP5UWTXMPKJREUICH6DIK6SOBX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2CCWRM4LHB253KG5SPOKRVDCXQX5VZR https://usn.ubun • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 96%CPEs: 11EXPL: 2CVE-2018-1000115 – Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service
https://notcve.org/view.php?id=CVE-2018-1000115
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. Memcached 1.5.5 contiene una vulnerabilidad de control insuficiente de volumen de mensaje de red (amplificación de red, CWE-406) en el soporte UDP del servidor memcached que puede resultar en una denegación de servicio (DoS) mediante una inundación de red (fuentes fiables reportan una amplificación de tráfico de 1:50.000). Este ataque parece ser explotable mediante conectividad de red en el puerto UDP 11211. • https://www.exploit-db.com/exploits/44264 https://www.exploit-db.com/exploits/44265 https://access.redhat.com/errata/RHBA-2018:2140 https://access.redhat.com/errata/RHSA-2018:1593 https://access.redhat.com/errata/RHSA-2018:1627 https://access.redhat.com/errata/RHSA-2018:2331 https://access.redhat.com/errata/RHSA-2018:2857 https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974 https:/ • CWE-400: Uncontrolled Resource Consumption •