Home > Vulnerability Database > CVE-2018-1000115

Mend.io Vulnerability Database

CVE-2018-1000115

Good to know:

Date: March 5, 2018

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.

Language: C

Severity Score

7.5

Related Resources (20)

Url: https://access.redhat.com/errata/RHSA-2018:1627

Url: https://github.com/memcached/memcached/issues/348

Url: https://twitter.com/dormando/status/968579781729009664

Url: https://access.redhat.com/errata/RHSA-2018:2857

Url: https://www.debian.org/security/2018/dsa-4218

Url: https://www.synology.com/support/security/Synology_SA_18_07

Url: https://www.exploit-db.com/exploits/44265/

Url: https://security-tracker.debian.org/tracker/CVE-2018-1000115

Url: https://usn.ubuntu.com/3588-1/

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1000115

Url: https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974

Url: https://access.redhat.com/security/cve/CVE-2018-1000115

Url: https://www.exploit-db.com/exploits/44264/

Url: https://github.com/memcached/memcached/wiki/ReleaseNotes156

Url: https://access.redhat.com/errata/RHSA-2018:2331

Url: https://access.redhat.com/errata/RHBA-2018:2140

Url: https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1000115

Url: https://access.redhat.com/errata/RHSA-2018:1593

Url: https://www.mend.io/vulnerability-database/CVE-2018-1000115

Severity Score

7.5

Weakness Type (CWE)

Input Validation

CWE-20

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version 1.5.6

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1000115

Good to know:

Date: March 5, 2018

Language: C

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?