CVE-2018-1000115
NONE EPSS 99.8%
Published Mar 5, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
Threat Intelligence
EPSS Exploit Probability
99.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-400 Uncontrolled Resource Consumption Resource Mgmt
Affected Products 11
References 15
- access.redhat.com https://access.redhat.com/errata/RHBA-2018:2140
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:1593
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:1627
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:2331
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:2857
- blogs.akamai.com https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
- github.com https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
- github.com https://github.com/memcached/memcached/issues/348
- github.com https://github.com/memcached/memcached/wiki/ReleaseNotes156
- twitter.com https://twitter.com/dormando/status/968579781729009664
- usn.ubuntu.com https://usn.ubuntu.com/3588-1/
- debian.org https://www.debian.org/security/2018/dsa-4218
- exploit-db.com https://www.exploit-db.com/exploits/44264/
- exploit-db.com https://www.exploit-db.com/exploits/44265/
- synology.com https://www.synology.com/support/security/Synology_SA_18_07
Remediation
- github.com https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974