037

Name of the Vulnerable Software and Affected Versions: Memcached version 1.5.5 Description: The issue is related to an Insufficient Control of Network Message Volume in the UDP support of the memcached server, which can result in denial of service via network flood. The traffic amplification ratio is reported to be 1:50,000. This can be exploited via network connectivity to port 11211 UDP. Recommendations: For Memcached version 1.5.5, update to version 1.5.6, which fixes the issue by disabling the UDP protocol by default.