QID 671098
Date Published: 2021-11-29
QID 671098: EulerOS Security Update for memcached (EulerOS-SA-2019-2213)
Memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.
Security fix(es):
memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. (CVE-2018-1000115)
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. Note: this vulnerability exists because of an incomplete fix for CVE-2016-8705. (CVE-2017-9951)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
An arbitrary attacker may exploit this vulnerability to compromise the system.
CVEs related to QID 671098
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| EulerOS-SA-2019-2213 | EulerOS V2.0SP5 | | |