7.5
CVE-2018-1000115
- EPSS 88.64%
- Veröffentlicht 05.03.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:39:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version17.10
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 88.64% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://usn.ubuntu.com/3588-1/
https://www.debian.org/security/2018/dsa-4218
https://access.redhat.com/errata/RHSA-2018:1593
https://access.redhat.com/errata/RHSA-2018:1627
https://access.redhat.com/errata/RHBA-2018:2140
https://access.redhat.com/errata/RHSA-2018:2331
https://access.redhat.com/errata/RHSA-2018:2857
https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
https://github.com/memcached/memcached/issues/348
https://github.com/memcached/memcached/wiki/ReleaseNotes156
https://twitter.com/dormando/status/968579781729009664
https://www.exploit-db.com/exploits/44264/
https://www.exploit-db.com/exploits/44265/
https://www.synology.com/support/security/Synology_SA_18_07