rpm package
suse/memcached&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000115 | Hig | 7.5 | < 1.4.39-4.6.1 | 1.4.39-4.6.1 | Mar 5, 2018 | Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported | |
| CVE-2017-9951 | Hig | 7.5 | < 1.4.39-4.3.1 | 1.4.39-4.3.1 | Jul 17, 2017 | The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. N |
- affected < 1.4.39-4.6.1fixed 1.4.39-4.6.1
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported
- affected < 1.4.39-4.3.1fixed 1.4.39-4.3.1
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. N