CVE-2018-1000115
N/A
N/A
Summary
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHBA-2018:2140
- https://access.redhat.com/errata/RHSA-2018:1593
- https://usn.ubuntu.com/3588-1/
- https://github.com/memcached/memcached/wiki/ReleaseNotes156
- https://www.exploit-db.com/exploits/44264/
- https://twitter.com/dormando/status/968579781729009664
- https://www.exploit-db.com/exploits/44265/
- https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
- https://access.redhat.com/errata/RHSA-2018:2857
- https://access.redhat.com/errata/RHSA-2018:1627
- https://access.redhat.com/errata/RHSA-2018:2331
- https://www.debian.org/security/2018/dsa-4218
- https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
- https://github.com/memcached/memcached/issues/348
- https://www.synology.com/support/security/Synology_SA_18_07
References
- https://access.redhat.com/errata/RHBA-2018:2140
- https://access.redhat.com/errata/RHSA-2018:1593
- https://usn.ubuntu.com/3588-1/
- https://github.com/memcached/memcached/wiki/ReleaseNotes156
- https://www.exploit-db.com/exploits/44264/
- https://twitter.com/dormando/status/968579781729009664
- https://www.exploit-db.com/exploits/44265/
- https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
- https://access.redhat.com/errata/RHSA-2018:2857
- https://access.redhat.com/errata/RHSA-2018:1627
- https://access.redhat.com/errata/RHSA-2018:2331
- https://www.debian.org/security/2018/dsa-4218
- https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
- https://github.com/memcached/memcached/issues/348
- https://www.synology.com/support/security/Synology_SA_18_07
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.