High severity7.5NVD Advisory· Published Mar 5, 2018· Updated Jun 17, 2026
CVE-2018-1000115
CVE-2018-1000115
Description
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
39- osv-coords38 versionspkg:rpm/opensuse/memcached&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-ha&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/keepalived&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/memcached&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/memcached&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/memcached&distro=SUSE%20Studio%20Onsite%20Runner%201.3pkg:rpm/suse/monasca-installer&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-dashboard-theme-SUSE&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-tempest&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-psql2mysql&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-psutil&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rabbitmq-server&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-activeresource&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-json-1_7&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/zookeeper&distro=SUSE%20OpenStack%20Cloud%207
< 1.6.9-2.3+ 37 more
- (no CPE)range: < 1.6.9-2.3
- (no CPE)range: < 2.2.3.0-12.2
- (no CPE)range: < 4.0+git.1580209654.1d112d31f-9.66.5
- (no CPE)range: < 4.0+git.1521473535.67d2302-4.28.1
- (no CPE)range: < 3.0+git.1521471181.2b39130da-39.10.1
- (no CPE)range: < 4.0+git.1522325467.43e431f91-9.30.1
- (no CPE)range: < 4.6.5-1.14.1
- (no CPE)range: < 2.0.19-1.8.1
- (no CPE)range: < 4.6.3-5.1
- (no CPE)range: < 1.4.39-4.6.1
- (no CPE)range: < 1.4.39-4.6.1
- (no CPE)range: < 1.2.6-5.17.3.1
- (no CPE)range: < 1.5.17-3.6.1
- (no CPE)range: < 1.2.6-5.17.3.1
- (no CPE)range: < 1.2.6-5.17.3.1
- (no CPE)range: < 20180608_12.47-12.1
- (no CPE)range: < 2016.2-5.12.4
- (no CPE)range: < 3.0.1~dev30-4.12.2
- (no CPE)range: < 3.0.1~dev30-4.12.3
- (no CPE)range: < 9.0.2~dev5-4.9.3
- (no CPE)range: < 9.0.2~dev5-4.9.4
- (no CPE)range: < 14.0.11~dev13-4.40.2
- (no CPE)range: < 14.0.11~dev13-4.40.2
- (no CPE)range: < 12.2.1~a0~dev177-4.9.1
- (no CPE)range: < 1.8.19-3.23.1
- (no CPE)range: < 2.8.1-4.12.1
- (no CPE)range: < 0.5.0+git.1589351878.4ef877c-1.12.1
- (no CPE)range: < 1.2.1-21.1
- (no CPE)range: < 1.8.1-11.12.1
- (no CPE)range: < 4.0.2-3.17.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 3.4.4-3.16.1
- (no CPE)range: < 7.20180803-3.18.3
- (no CPE)range: < 4.0.0-3.3.1
- (no CPE)range: < 3.9.2-7.20.1
- (no CPE)range: < 1.7.7-3.3.1
- (no CPE)range: < 2.16.0-4.6.1
- (no CPE)range: < 3.4.10-6.1
Patches
Vulnerability mechanics
References
14- github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974nvdPatchThird Party Advisory
- www.exploit-db.com/exploits/44264/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/44265/nvdExploitThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHBA-2018:2140nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1593nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:1627nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2331nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2857nvdThird Party Advisory
- blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.htmlnvdThird Party Advisory
- github.com/memcached/memcached/issues/348nvdIssue TrackingThird Party Advisory
- twitter.com/dormando/status/968579781729009664nvdThird Party Advisory
- usn.ubuntu.com/3588-1/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4218nvdThird Party Advisory
- www.synology.com/support/security/Synology_SA_18_07nvdThird Party Advisory
News mentions
0No linked articles in our index yet.