CVE-2018-1000115

HIGH

Memcached <1.5.6 - DoS

Title source: llm

Description

Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.

Exploits (3)

exploitdb WORKING POC
by 649 · pythondoslinux
https://www.exploit-db.com/exploits/44265
exploitdb WORKING POC
by anonymous · cdoslinux
https://www.exploit-db.com/exploits/44264
metasploit SCANNER
by Marek Majkowski · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/memcached/memcached_amp.rb

References (15)

Scores

CVSS v3 7.5
EPSS 0.8253
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (11)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
debian/debian_linux 8.0
debian/debian_linux 9.0
memcached/memcached 1.5.5
redhat/openstack 8
redhat/openstack 9
redhat/openstack 10
redhat/openstack 11
... and 1 more
Published Mar 05, 2018
Tracked Since Feb 18, 2026