CVE-2018-1000115

HIGH

Memcached <1.5.6 - DoS

Title source: llm

Description

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.

Exploits (3)

exploitdb WORKING POC

by 649 · pythondoslinux

https://www.exploit-db.com/exploits/44265

View Code ZIP pw:eip

exploitdb WORKING POC

by anonymous · cdoslinux

https://www.exploit-db.com/exploits/44264

View Code ZIP pw:eip

metasploit SCANNER

by Marek Majkowski · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/memcached/memcached_amp.rb

View Code ZIP pw:eip

References (15)

[Third Party Advisory] https://access.redhat.com/errata/RHBA-2018:2140

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1593

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1627

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:2331

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:2857

[Third Party Advisory] https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html

[Patch, Third Party Advisory] https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974

[Issue Tracking, Third Party Advisory] https://github.com/memcached/memcached/issues/348

[Third Party Advisory] https://github.com/memcached/memcached/wiki/ReleaseNotes156

[Third Party Advisory] https://twitter.com/dormando/status/968579781729009664

[Third Party Advisory] https://usn.ubuntu.com/3588-1/

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4218

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44264/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44265/

[Third Party Advisory] https://www.synology.com/support/security/Synology_SA_18_07

Scores

CVSS v3 7.5

EPSS 0.8253

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-400

Status published

Affected Products (11)

memcached/memcached

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

debian/debian_linux

debian/debian_linux

redhat/openstack

redhat/openstack

redhat/openstack

redhat/openstack

redhat/openstack

Timeline

Published Mar 05, 2018

Tracked Since Feb 18, 2026