CVE-2022-26635

Опубликовано: 05 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.

Ссылки

https://github.com/php-memcached-dev/php-memcached/issues/519
https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
Exploit
Third Party Advisory
https://github.com/php-memcached-dev/php-memcached/issues/519
https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php:memcached:*:*:*:*:*:*:*:*

Версия до 2.2.0 (включая)

EPSS

Процентиль: 96%

0.24293

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2022-26635

CVSS3: 9.8

ubuntu

почти 4 года назад

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.

CVE-2022-26635

CVSS3: 9.8

msrc

почти 4 года назад

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.

CVE-2022-26635

CVSS3: 9.8

debian

почти 4 года назад

PHP-Memcached v2.2.0 and below contains an improper NULL termination w ...

GHSA-hph6-79wj-qqmw

CVSS3: 9.8

github

почти 4 года назад

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.

EPSS

Процентиль: 96%

0.24293

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other