memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)
Memcached version 1.5.5 contains an Insufficient Control of Network
Message Volume (Network Amplification, CWE-406) vulnerability in the UDP
support of the memcached server that can result in denial of service via
network flood (traffic amplification of 1:50,000 has been reported by
reliable sources). This attack appears to be exploitable via network
connectivity to port 11211 UDP.
Fixed In Version:
memcached 1.5.6
References:
http://openwall.com/lists/oss-security/2018/03/07/3
https://nvd.nist.gov/vuln/detail/CVE-2018-1000115
Patch:
https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
(from redmine: issue id 8830, created on 2018-04-24, closed on 2018-07-19)
- Relations:
- copied_to #8831 (closed)
- copied_to #8832 (closed)
- copied_to #8833 (closed)
- child #8831 (closed)
- child #8832 (closed)
- child #8833 (closed)
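
A configuration check for the exposure described above, added here as an example (it is not code from this issue or from the memcached project). It assumes the UDP listener is on by default before 1.5.6 and off by default from 1.5.6, and that `-U 0` disables it; `audit`, its result labels and the sample command lines are constructed for illustration.

```python
import re
import shlex

FIXED = (1, 5, 6)  # first fixed release named in the advisory
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
FLAGS = (("-U", "--udp-port"), ("-l", "--listen"))

def _options(cmdline):
    """Yield (short_flag, value) for -U/-l and their long forms."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        for short, long_ in FLAGS:
            if arg.startswith(long_ + "="):
                yield short, arg.split("=", 1)[1]
            elif arg in (short, long_) and i + 1 < len(args):
                yield short, args[i + 1]
            elif arg.startswith(short) and len(arg) > 2:
                yield short, arg[2:]

def audit(version, cmdline):
    """Classify the UDP exposure of one memcached instance."""
    nums = tuple(int(n) for n in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    # Assumed defaults: UDP listener on before 1.5.6, off from 1.5.6 onward.
    udp_on = nums < FIXED
    addrs = set()
    for flag, value in _options(cmdline):
        if flag == "-U":
            udp_on = int(value) != 0  # -U 0 switches the UDP listener off
        else:
            addrs.update(a.strip() for a in value.split(","))
    if not udp_on:
        return "udp-off"
    # No -l means memcached binds every interface.
    if addrs and addrs <= LOOPBACK:
        return "udp-loopback-only"
    return "udp-exposed"

# Constructed inventory: (package version, command line)
SAMPLES = [
    ("1.5.5", "memcached -u memcached -m 64 -p 11211"),
    ("1.5.5", "memcached -u memcached -U 0 -l 10.0.0.5"),
    ("1.5.5", "memcached -l 127.0.0.1,::1"),
    ("1.5.6", "memcached -u memcached -m 64"),
    ("1.5.6-r0", "memcached --udp-port=11211 --listen=0.0.0.0"),
]

if __name__ == "__main__":
    for version, cmdline in SAMPLES:
        print(f"{audit(version, cmdline):18} {version:9} {cmdline}")
```

An instance reported as `udp-exposed` on a fixed version has had UDP re-enabled explicitly and still needs network filtering on port 11211 UDP.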