Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-46852
CVE-2023-46852:
Memcached vulnerability analysis and mitigation
Overview
A buffer overflow vulnerability (CVE-2023-46852) was discovered in Memcached versions before 1.6.22. The vulnerability exists when processing multiget requests in proxy mode, specifically when there are many spaces after the 'get' substring (NVD).
Technical details
The vulnerability is classified as a classic buffer overflow (CWE-120) with a CVSS v3.1 base score of 7.5 (HIGH), and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue occurs when processing requests with excessive spaces after the 'get' command in proxy mode. The exploit requires the request before the first newline to be less than 1024 bytes, with a limit of 100 spaces, and key length checked at 250 bytes (GitHub Patch).
Impact
A remote attacker could potentially exploit this vulnerability to cause Memcached to crash, resulting in a denial of service, or possibly execute arbitrary code (Ubuntu Security).
Mitigation and workarounds
The vulnerability has been fixed in Memcached version 1.6.22. The fix caps the amount of data pre-key to be reasonable, limiting it to 20 bytes. Users are advised to upgrade to this version or later (Debian Security).
Additional resources
Source: This report was generated using AI
Related Memcached vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management