CVE-2023-27478
Disclosure of unrelated data in libmemcached-awesome
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
07 mar 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
awesomized · libmemcached¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →