Project

General

Profile

Bug #8831

Bug #8830: memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)

[3.6] memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)

Added by Alicha CH 8 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
04/24/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406)
vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification
of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP.

Fixed In Version:

memcached 1.5.6

References:

http://openwall.com/lists/oss-security/2018/03/07/3
https://nvd.nist.gov/vuln/detail/CVE-2018-1000115

Patch:

https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974


Related issues

Copied from Alpine Linux - Bug #8830: memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)Closed2018-04-24

Associated revisions

Revision 7d777994 (diff)
Added by Leonardo Arena 6 months ago

main/memcached: security fix (CVE-2018-1000115)

Fixes #8831

History

#1 Updated by Alicha CH 8 months ago

  • Copied from Bug #8830: memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115) added

#2 Updated by Anonymous 6 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 6 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-1000115)

Also available in: Atom PDF