Lucene search

Veracode Vulnerability DatabaseVERACODE:44049

HistoryOct 29, 2023 - 10:30 a.m.

Off-by-one Error

2023-10-2910:30:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

memcached

vulnerability

code execution

server crash

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

memcached is vulnerable to Off-by-one Error. An attacker could exploit this vulnerability by sending a specially crafted proxy request to a vulnerable Memcached server when \n is used instead of \r\n. The server would then attempt to process the request, which would cause the server to crash. The attacker could then use the crash to execute arbitrary code on the server.

CPENameOperatorVersion
memcached:sideq1.6.9+dfsg-1
memcached:sideq1.6.9+dfsg-1

CPE	Name	Operator	Version
	memcached:sid	eq	1.6.9+dfsg-1
	memcached:sid	eq	1.6.9+dfsg-1

References

github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa

github.com/memcached/memcached/compare/1.6.21...1.6.22

security-tracker.debian.org/tracker/CVE-2023-46853

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for VERACODE:44049