[3.6] memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP.
Fixed In Version:
memcached 1.5.6
References:
http://openwall.com/lists/oss-security/2018/03/07/3
https://nvd.nist.gov/vuln/detail/CVE-2018-1000115
Patch:
https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
(from redmine: issue id 8831, created on 2018-04-24, closed on 2018-06-12)
- Relations:
- copied_to #8830 (closed)
- parent #8830 (closed)
- Changesets:
- Revision 7d777994 on 2018-06-11T13:00:50Z:
main/memcached: security fix (CVE-2018-1000115)
Fixes #8831
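
An added example, not part of the original issue or of the memcached project: a Python check that classifies one memcached instance from its package version and command line, to find hosts still answering on UDP. It relies on memcached's `-U`/`--udp-port` and `-l`/`--listen` options and on 1.5.6 shipping with UDP off by default; the command lines in it are constructed.

```python
import ipaddress
import shlex

FIXED = (1, 5, 6)  # first fixed release, per the advisory

def parse_version(text):
    """'1.5.5-r0' -> (1, 5, 5); a packaging suffix after '-' is ignored."""
    return tuple(int(p) for p in text.split("-")[0].split(".")[:3])

def option_values(args, short, long):
    """Collect values given as '-U 0', '-U0', '--udp-port=0' or '--udp-port 0'."""
    values = []
    for i, arg in enumerate(args):
        if arg in (short, long) and i + 1 < len(args):
            values.append(args[i + 1])
        elif arg.startswith(long + "="):
            values.append(arg[len(long) + 1:])
        elif arg.startswith(short) and len(arg) > 2:
            values.append(arg[2:])
    return values

def is_loopback(addr):
    """True for a loopback listen address, with or without a ':port' suffix."""
    host = addr.strip()
    if host.startswith("["):        # [::1]:11211
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:      # 127.0.0.1:11211
        host = host.split(":")[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(version, cmdline):
    """Return 'ok', 'udp-local-only' or 'udp-exposed' for one memcached instance."""
    args = shlex.split(cmdline)
    udp = option_values(args, "-U", "--udp-port")
    # -U 0 switches UDP off; with no -U, releases before the fix start with UDP on.
    enabled = int(udp[-1]) != 0 if udp else parse_version(version) < FIXED
    if not enabled:
        return "ok"
    listen = [a for v in option_values(args, "-l", "--listen") for a in v.split(",")]
    if listen and all(is_loopback(a) for a in listen):  # no -l means every interface
        return "udp-local-only"
    return "udp-exposed"

if __name__ == "__main__":  # constructed command lines, not taken from the issue
    for ver, cmd in [("1.5.5-r0", "memcached -d -m 64"), ("1.5.6-r0", "memcached -d -U 11211 -l ::1")]:
        print(audit(ver, cmd), ver, cmd)
```

A result of `udp-exposed` on a fixed version means UDP was switched back on explicitly, so upgrading alone does not close it.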