CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46853 – Ubuntu Security Notice USN-6476-1
https://notcve.org/view.php?id=CVE-2023-46853
27 Oct 2023 — In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. En Memcached anterior a 1.6.22, existe un error uno por uno al procesar solicitudes de proxy en modo proxy, si se usa \n en lugar de \r\n. It was discovered that Memcached incorrectly handled certain multiget requests in proxy mode. A remote attacker could use this issue to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code. It was di... • https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46852 – Ubuntu Security Notice USN-6476-1
https://notcve.org/view.php?id=CVE-2023-46852
27 Oct 2023 — In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. En Memcached anterior a 1.6.22, existe un desbordamiento del búfer al procesar solicitudes de obtención múltiple en modo proxy, si hay muchos espacios después de la subcadena "get". It was discovered that Memcached incorrectly handled certain multiget requests in proxy mode. A remote attacker could use this issue to cause Memcached to crash, resulting in a... • https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37519
https://notcve.org/view.php?id=CVE-2021-37519
03 Feb 2023 — Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file. • https://github.com/memcached/memcached/issues/805 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26635
https://notcve.org/view.php?id=CVE-2022-26635
05 Apr 2022 — PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly. PHP-Memcached versiones v2.2.0 y anteriores, contiene una terminación NULL inapropiada que permite a atacantes ejecutar una inyección CLRF • https://github.com/php-memcached-dev/php-memcached/issues/519 •