CVE-2023-27478

Name of the Vulnerable Software and Affected Versions libmemcached-awesome versions prior to 1.1.4

Description The issue is related to insufficient protection of service data when handling the POLL TIMEOUT parameter, which could allow a remote attacker to gain unauthorized access to protected information. The problem occurs when libmemcached returns data for a previously requested key if the previous request timed out due to a low POLL TIMEOUT.

Recommendations For versions prior to 1.1.4, upgrade to version 1.1.4 to address the issue. As a temporary workaround, consider using a reasonably high POLL TIMEOUT setting, like the default. Use separate libmemcached connections for unrelated data to minimize the risk of exploitation. Do not re-use libmemcached connections in an unknown state to lower the probability of this bug affecting a given deployment.