In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
Max CVSS: 7.5 | EPSS Score: 0.05% | Published: 2023-10-27 | Updated: 2023-11-07
memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
Max CVSS: 7.5 | EPSS Score: 0.05% | Published: 2023-08-22 | Updated: 2023-09-08
Buffer overflow vulnerability in authfile.c in memcached 1.6.9 allows attackers to cause a denial of service via a crafted authentication file.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2023-02-03 | Updated: 2023-02-10
Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2023-08-22 | Updated: 2023-08-25
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.
Max CVSS: 7.5 | EPSS Score: 5.52% | Published: 2020-03-24 | Updated: 2020-03-27
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
Max CVSS: 7.5 | EPSS Score: 1.32% | Published: 2019-08-30 | Updated: 2020-05-26
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
Max CVSS: 7.5 | EPSS Score: 19.08% | Published: 2019-04-29 | Updated: 2020-05-26
memcached versions prior to 1.4.37 contain an integer overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in the hash table being reused from the free list. This attack appears to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.
Max CVSS: 7.5 | EPSS Score: 1.02% | Published: 2018-03-13 | Updated: 2020-08-24

CVE-2018-1000115

Public exploit
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
Max CVSS: 7.5 | EPSS Score: 96.97% | Published: 2018-03-05 | Updated: 2021-08-04
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
Max CVSS: 7.5 | EPSS Score: 0.95% | Published: 2017-07-17 | Updated: 2019-10-03
An integer overflow in the process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
Max CVSS: 8.1 | EPSS Score: 90.00% | Published: 2017-01-06 | Updated: 2022-04-19
Multiple integer overflows in the process_bin_update function in Memcached, which is responsible for processing multiple commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
Max CVSS: 9.8 | EPSS Score: 86.73% | Published: 2017-01-06 | Updated: 2022-04-19
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of the Memcached binary protocol, can be abused to cause a heap overflow and lead to remote code execution.
Max CVSS: 9.8 | EPSS Score: 86.73% | Published: 2017-01-06 | Updated: 2022-04-19
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
Max CVSS: 4.8 | EPSS Score: 1.56% | Published: 2014-01-13 | Updated: 2018-03-25

CVE-2011-4971

Public exploit
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
Max CVSS: 5.0 | EPSS Score: 6.62% | Published: 2013-12-12 | Updated: 2018-03-25
15 vulnerabilities found