Vulnerability CVE-2023-46853: Information

Description

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-46853

Published: Oct. 27, 2023

Modified: Nov. 7, 2023

Error type identifier: CWE-193

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
memcached	p10_e2k	1.6.22-alt1	1.6.22-alt1	ALT-PU-2023-7202-1	-	Fixed
memcached	c10f1	1.6.22-alt1	1.6.22-alt1	ALT-PU-2023-7120-1	333840	Fixed
memcached	c9f2	1.6.22-alt1	1.6.22-alt1	ALT-PU-2023-7210-3	334389	Fixed

Hyperlink	Resource
https://github.com/memcached/memcached/compare/1.6.21...1.6.22	Release Notes
https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa	Patch

Affected configurations:
1. Configuration 1
  cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
  End excliding
  1.6.22

Version: v24.5.3