
Bug 916510 (CVE-2023-46852, CVE-2023-46853)

Summary: <net-misc/memcached-1.6.22: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: minor
CC: prometheanfire, robbat2
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [glsa? cleanup]
Package list:
Runtime testing required: ---

Description: John Helmert III (archtester, Gentoo Infrastructure, gentoo-dev, Security), 2023-10-29 21:38:07 UTC
CVE-2023-46852:

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.

Patch: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767

CVE-2023-46853:

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

Patch: https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa