PT-2018-9294 · Memcached+3 · Memcached+3

037

Published

2018-03-04

Updated

2024-06-15

CVE-2018-1000115

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Memcached version 1.5.5

Description: The issue is related to an Insufficient Control of Network Message Volume in the UDP support of the memcached server, which can result in denial of service via network flood. The traffic amplification ratio is reported to be 1:50,000. This can be exploited via network connectivity to port 11211 UDP.

Recommendations: For Memcached version 1.5.5, update to version 1.5.6, which fixes the issue by disabling the UDP protocol by default.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2018-1347

ALT-PU-2018-2764

CVE-2018-1000115

DSA-4218-1

MGASA-2018-0165

OPENSUSE-SU-2024:11045-1

RHSA-2018:1593

RHSA-2018:1627

RHSA-2018:2331

RHSA-2018:2857

SUSE-RU-2018:1071-1

SUSE-RU-2020:2072-1

SUSE-SU-2018:0955-1

SUSE-SU-2018:1103-1

SUSE-SU-2018:1326-1

SUSE-SU-2018_0955-1

SUSE-SU-2018_1326-1

USN-3588-1

Affected Products

Alt Linux

Memcached

Suse

Ubuntu

PT-2018-9294 · Memcached+3 · Memcached+3

CVE-2018-1000115

Weakness Enumeration

Related Identifiers

Affected Products

References · 127