Table 2.
Detailed vulnerability description of Memcached.
Vulnerability Reference | Description |
---|---|
CVE-2020-10931 | This vulnerability exists in memcached.c because of insufficient authentication of user input when a binary protocol header is parsed in the try_read_command_binary() function. It can be used to perform DoS attacks. |
CVE-2019-11596 | The “lru mode” and “lru temp_ttl” commands were found to dereference a NULL pointer in Memcached versions before 1.5.14, making these versions prone to denial of service. |
CVE-2019-15026 | In Memcached version 1.5.16, while using UNIX sockets in memcached.c, a buffer over-read was found in conn_to_str, causing a denial of service. |
CVE-2018-1000115 | This vulnerability is caused by the open UDP port 11211. In the UDP support of Memcached up to version 1.5.5, network message volume could not be controlled sufficiently, making it vulnerable to denial-of-service attacks. An amplification factor of 50,000 could be achieved using this. |