← Voltar para CVEs
CVE-2018-1000115
N/ADescricao
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/5/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
canonical:ubuntu_linuxdebian:debian_linuxmemcached:memcachedredhat:openstack
Fraquezas (CWE)
CWE-400
Referencias
https://access.redhat.com/errata/RHBA-2018:2140(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1593(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1627(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:2331(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:2857(cve@mitre.org)
https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974(cve@mitre.org)
https://github.com/memcached/memcached/issues/348(cve@mitre.org)
https://github.com/memcached/memcached/wiki/ReleaseNotes156(cve@mitre.org)
https://twitter.com/dormando/status/968579781729009664(cve@mitre.org)
https://usn.ubuntu.com/3588-1/(cve@mitre.org)
https://www.debian.org/security/2018/dsa-4218(cve@mitre.org)
https://www.exploit-db.com/exploits/44264/(cve@mitre.org)
https://www.exploit-db.com/exploits/44265/(cve@mitre.org)
https://www.synology.com/support/security/Synology_SA_18_07(cve@mitre.org)
https://access.redhat.com/errata/RHBA-2018:2140(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1593(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1627(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2331(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2857(af854a3a-2127-422b-91ae-364da2661108)
https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/memcached/memcached/issues/348(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/memcached/memcached/wiki/ReleaseNotes156(af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/dormando/status/968579781729009664(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3588-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4218(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44264/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44265/(af854a3a-2127-422b-91ae-364da2661108)
https://www.synology.com/support/security/Synology_SA_18_07(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.