Published: 05/04/2022 Updated: 21/05/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows malicious users to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php memcached

Debian Bug report logs - #1009328 php-memcached: CVE-2022-26635 Package: src:php-memcached; Maintainer for src:php-memcached is Debian PHP PECL Maintainers <team+php-pecl@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 11 Apr 2022 19:21:10 UTC Severity: important Tags: security, ...

PHP-Memcached v220 and below contains an improper NULL termination which allows attackers to execute CLRF injection (CVE-2022-26635) ...

NVD-CWE-Other https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/https://github.com/php-memcached-dev/php-memcached/issues/519 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009328 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2023-1673.html

CVE-2022-26635

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect