Wiz
Vulnerability DatabaseCVE-2021-37519

CVE-2021-37519
Memcached vulnerability analysis and mitigation

Overview

CVE-2021-37519 is a Buffer Overflow vulnerability discovered in memcached version 1.6.9. The vulnerability exists in the authfile.c component and allows attackers to cause a denial of service through a crafted authentication file (CVE, NVD).

Technical details

The vulnerability is a heap buffer overflow that occurs in the authfile.c component when processing the authentication file. The issue arises when reading the --auth-file parameter, where insufficient buffer allocation can lead to a heap buffer overflow. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with attack vector being Local, attack complexity Low, requiring no privileges but user interaction (Ubuntu).

Impact

The primary impact of this vulnerability is the potential for denial of service attacks. When successfully exploited, an attacker could cause the memcached service to crash through a specially crafted authentication file (Debian).

Mitigation and workarounds

The vulnerability was fixed in memcached version 1.6.10 through a patch that allocates an extra byte for reading the last entry when there is no newline at the end of the file and adds additional checks for null bytes when reading the last entry (GitHub PR).

Additional resources

SourceThis report was generated using AI

Related Memcached vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2023-46853CRITICAL9.8
  • MemcachedMemcached
  • memcached-debugsource
NoYesOct 27, 2023
CVE-2023-46852HIGH7.5
  • MemcachedMemcached
  • memcached
NoYesOct 27, 2023
CVE-2022-48571HIGH7.5
  • MemcachedMemcached
  • memcached
NoYesAug 22, 2023
CVE-2020-22570HIGH7.5
  • MemcachedMemcached
  • memcached
NoYesAug 22, 2023
CVE-2021-37519MEDIUM5.5
  • MemcachedMemcached
  • cpe:2.3:a:memcached:memcached
NoYesFeb 03, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo