CVE-2018-1000115

HIGH

memcached 1.5.5 - Denial of Service via UDP Traffic Amplification

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-1000115. PoCs published by 649, anonymous, Marek Majkowski, including Metasploit module auxiliary/scanner/memcached/memcached_amp.

AI-analyzed exploit summary This exploit leverages CVE-2018-1000115 to perform a distributed denial-of-service (DDoS) attack by spoofing UDP packets to vulnerable Memcached servers, amplifying traffic to a target. It uses the Shodan API to discover vulnerable servers and allows customization of payload and attack power.

Description

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.

Exploits (3)

exploitdb WORKING POC
by 649 · pythondoslinux
https://www.exploit-db.com/exploits/44265

This exploit leverages CVE-2018-1000115 to perform a distributed denial-of-service (DDoS) attack by spoofing UDP packets to vulnerable Memcached servers, amplifying traffic to a target. It uses the Shodan API to discover vulnerable servers and allows customization of payload and attack power.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Memcached (versions with UDP support exposed)
No auth needed
Prerequisites: Shodan API key · Network access to vulnerable Memcached servers · UDP port 11211 exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by anonymous · cdoslinux
https://www.exploit-db.com/exploits/44264

This exploit is a proof-of-concept for CVE-2028-1000115, demonstrating a UDP amplification attack against memcached servers. It spoofs UDP packets to reflect traffic to a target, leveraging vulnerable memcached instances.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: memcached (versions prior to 1.5.6)
No auth needed
Prerequisites: List of vulnerable memcached servers · Network access to UDP port 11211
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit SCANNER
by Marek Majkowski · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/memcached/memcached_amp.rb

This Metasploit module scans for Memcached servers exposing UDP port 11211 and checks for vulnerability to amplification attacks by sending a 'stats' request and analyzing the response. It does not exploit a vulnerability but identifies potential targets for DRDoS attacks.

Classification
Scanner 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Memcached (versions exposing UDP port 11211)
No auth needed
Prerequisites: Network access to UDP port 11211 on target Memcached servers
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2018:2140
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1593
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3588-1/
Third Party Advisory x_refsource_misc
https://github.com/memcached/memcached/wiki/ReleaseNotes156
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44264/
Third Party Advisory x_refsource_misc
https://twitter.com/dormando/status/968579781729009664
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44265/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2857
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1627
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2331
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4218
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/memcached/memcached/issues/348
Third Party Advisory x_refsource_confirm
https://www.synology.com/support/security/Synology_SA_18_07

Scores

CVSS v3 7.5
EPSS 0.8675
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (11)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
debian/debian_linux 8.0
debian/debian_linux 9.0
memcached/memcached 1.5.5
redhat/openstack 8
redhat/openstack 9
redhat/openstack 10
redhat/openstack 11
... and 1 more
Published Mar 05, 2018
Tracked Since Feb 18, 2026