memcached
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Distributed memory object caching system |
| Version | 1.6.21-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-941 | 1.5.5-1 | 1.5.6-1 | High | Fixed | |
| AVG-55 | 1.4.31-1 | 1.4.32-1 | Critical | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-1000115 | AVG-941 | High | Yes | Insufficient validation | Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the... |
| CVE-2016-8706 | AVG-55 | Critical | Yes | Arbitrary code execution | An integer overflow in process_bin_sasl_auth function which is responsible for authentication commands of Memcached binary protocol can be abused to cause... |
| CVE-2016-8705 | AVG-55 | Critical | Yes | Arbitrary code execution | Multiple integer overflows in process_bin_update function which is responsible for processing multiple commands of Memcached binary protocol can be abused... |
| CVE-2016-8704 | AVG-55 | Critical | Yes | Arbitrary code execution | An integer overflow in the process_bin_append_prepend function which is responsible for processing multiple commands of Memcached binary protocol can be... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 01 Nov 2016 | ASA-201611-1 | AVG-55 | Critical | arbitrary code execution |