CVE-2023-46852

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
memcachedmemcached
𝑥
< 1.6.22
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
memcachedmemcached
𝑥
< 1.6.22
ADP
Debian logo
Debian Releases
Debian Product
Codename
memcached
bookworm
no-dsa
bullseye
no-dsa
buster
not-affected
sid
1.6.34-1
fixed
trixie
1.6.33-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
memcached
bionic
not-affected
focal
not-affected
jammy
Fixed 1.6.14-1ubuntu0.1
released
lunar
Fixed 1.6.18-1ubuntu0.1
released
mantic
Fixed 1.6.21-1ubuntu0.23.10.1
released
noble
not-affected
trusty
ignored
xenial
not-affected
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
memcached
Amazon Linux 2023
0:1.6.22-2.amzn2023.0.1
fixed
memcached-debuginfo
Amazon Linux 2023
0:1.6.22-2.amzn2023.0.1
fixed
memcached-debugsource
Amazon Linux 2023
0:1.6.22-2.amzn2023.0.1
fixed
memcached-devel
Amazon Linux 2023
0:1.6.22-2.amzn2023.0.1
fixed
memcached-selinux
Amazon Linux 2023
0:1.6.22-2.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
memcached
Azure Linux 3.0
0:1.6.27-1.azl3
fixed
CBL-Mariner 2.0
0:1.6.22-1.cm2
fixed