CVE-2018-1000115

NONE EPSS 99.8%
Published Mar 5, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.

Threat Intelligence

EPSS Exploit Probability
99.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-400 Uncontrolled Resource Consumption Resource Mgmt

Affected Products 11

Vendor      Product        Version   Range
memcached   memcached      1.5.5     any
canonical   ubuntu_linux   14.04     any
canonical   ubuntu_linux   16.04     any
canonical   ubuntu_linux   17.10     any
debian      debian_linux   8.0       any
debian      debian_linux   9.0       any
redhat      openstack      8         any
redhat      openstack      9         any
redhat      openstack      10        any
redhat      openstack      11        any
redhat      openstack      12        any

References 15

  • access.redhat.com https://access.redhat.com/errata/RHBA-2018:2140
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:1593
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:1627
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:2331
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:2857
    Third Party Advisory
  • blogs.akamai.com https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
    Third Party Advisory
  • github.com https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
    Patch, Third Party Advisory
  • github.com https://github.com/memcached/memcached/issues/348
    Issue Tracking, Third Party Advisory
  • github.com https://github.com/memcached/memcached/wiki/ReleaseNotes156
    Third Party Advisory
  • twitter.com https://twitter.com/dormando/status/968579781729009664
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3588-1/
    Third Party Advisory
  • debian.org https://www.debian.org/security/2018/dsa-4218
    Third Party Advisory
  • exploit-db.com https://www.exploit-db.com/exploits/44264/
    Exploit, Third Party Advisory, VDB Entry
  • exploit-db.com https://www.exploit-db.com/exploits/44265/
    Exploit, Third Party Advisory, VDB Entry
  • synology.com https://www.synology.com/support/security/Synology_SA_18_07
    Third Party Advisory

Remediation

  • github.com https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
    Patch, Third Party Advisory