CVE-2023-46853

moderate-risk
Published 2023-10-27

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

Do I need to act?

-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 9723c0ea8ec1237b8364410ba982af8ea020a2b6, 6987918e9a3094ec4fc8976f01f769f624d790fa
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Memcached

References (4)

Patch https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624...
Release Notes https://github.com/memcached/memcached/compare/1.6.21...1.6.22
Patch https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624...
Release Notes https://github.com/memcached/memcached/compare/1.6.21...1.6.22
38
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal