Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-27478

Published: 07/03/2023 Updated: 23/03/2023
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Awesome

Vulnerability Summary

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

awesome libmemcached

Vendor Advisories

Debian CVElist Bug Report Logs: libmemcached: CVE-2023-27478
Debian Bug report logs - #1032479 libmemcached: CVE-2023-27478 Package: src:libmemcached; Maintainer for src:libmemcached is Ondřej Surý <ondrej@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 Mar 2023 21:21:01 UTC Severity: grave Tags: security, upstream Found in version libmemcac ...
Red Hat:
Description<!---->A vulnerability was found in libmemcached This security flaw occurs because it could return data for a previously requested key if that previous request timed out due to a low POLL_TIMEOUTA vulnerability was found in libmemcached This security flaw occurs because it could return data for a previously requested key if that previ ...

References

CWE-200https://github.com/awesomized/libmemcached/security/advisories/GHSA-wwmh-39wj-fx59https://github.com/awesomized/libmemcached/commit/48dcc61ahttps://github.com/awesomized/libmemcached/releases/tag/1.1.4https://github.com/php-memcached-dev/php-memcached/issues/531https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032479https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-27478
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook