rpm package
suse/memcached&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/memcached&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000115 | Hig | 7.5 | < 1.2.6-5.17.3.1 | 1.2.6-5.17.3.1 | Mar 5, 2018 | Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported | |
| CVE-2017-9951 | Hig | 7.5 | < 1.2.6-5.17.4.1 | 1.2.6-5.17.4.1 | Jul 17, 2017 | The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. N | |
| CVE-2016-8705 | Cri | 9.8 | < 1.2.6-5.17.4.1 | 1.2.6-5.17.4.1 | Jan 6, 2017 | Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. |
- affected < 1.2.6-5.17.3.1fixed 1.2.6-5.17.3.1
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported
- affected < 1.2.6-5.17.4.1fixed 1.2.6-5.17.4.1
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. N
- affected < 1.2.6-5.17.4.1fixed 1.2.6-5.17.4.1
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.